Merge "plat/arm: Introduce and use libc_asm.mk makefile" into integration
diff --git a/Makefile b/Makefile
index af829f2..a9a4d90 100644
--- a/Makefile
+++ b/Makefile
@@ -855,71 +855,77 @@
# Build options checks
################################################################################
-$(eval $(call assert_boolean,ALLOW_RO_XLAT_TABLES))
-$(eval $(call assert_boolean,COLD_BOOT_SINGLE_CPU))
-$(eval $(call assert_boolean,CREATE_KEYS))
-$(eval $(call assert_boolean,CTX_INCLUDE_AARCH32_REGS))
-$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
-$(eval $(call assert_boolean,CTX_INCLUDE_PAUTH_REGS))
-$(eval $(call assert_boolean,CTX_INCLUDE_MTE_REGS))
-$(eval $(call assert_boolean,CTX_INCLUDE_EL2_REGS))
-$(eval $(call assert_boolean,DEBUG))
-$(eval $(call assert_boolean,DYN_DISABLE_AUTH))
-$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
-$(eval $(call assert_boolean,ENABLE_AMU))
-$(eval $(call assert_boolean,ENABLE_ASSERTIONS))
-$(eval $(call assert_boolean,ENABLE_MPAM_FOR_LOWER_ELS))
-$(eval $(call assert_boolean,ENABLE_PIE))
-$(eval $(call assert_boolean,ENABLE_PMF))
-$(eval $(call assert_boolean,ENABLE_PSCI_STAT))
-$(eval $(call assert_boolean,ENABLE_RUNTIME_INSTRUMENTATION))
-$(eval $(call assert_boolean,ENABLE_SPE_FOR_LOWER_ELS))
-$(eval $(call assert_boolean,ENABLE_SVE_FOR_NS))
-$(eval $(call assert_boolean,ERROR_DEPRECATED))
-$(eval $(call assert_boolean,FAULT_INJECTION_SUPPORT))
-$(eval $(call assert_boolean,GENERATE_COT))
-$(eval $(call assert_boolean,GICV2_G0_FOR_EL3))
-$(eval $(call assert_boolean,HANDLE_EA_EL3_FIRST))
-$(eval $(call assert_boolean,HW_ASSISTED_COHERENCY))
-$(eval $(call assert_boolean,INVERTED_MEMMAP))
-$(eval $(call assert_boolean,MEASURED_BOOT))
-$(eval $(call assert_boolean,NS_TIMER_SWITCH))
-$(eval $(call assert_boolean,OVERRIDE_LIBC))
-$(eval $(call assert_boolean,PL011_GENERIC_UART))
-$(eval $(call assert_boolean,PROGRAMMABLE_RESET_ADDRESS))
-$(eval $(call assert_boolean,PSCI_EXTENDED_STATE_ID))
-$(eval $(call assert_boolean,RAS_EXTENSION))
-$(eval $(call assert_boolean,RESET_TO_BL31))
-$(eval $(call assert_boolean,SAVE_KEYS))
-$(eval $(call assert_boolean,SEPARATE_CODE_AND_RODATA))
-$(eval $(call assert_boolean,SEPARATE_NOBITS_REGION))
-$(eval $(call assert_boolean,SPIN_ON_BL1_EXIT))
-$(eval $(call assert_boolean,SPM_MM))
-$(eval $(call assert_boolean,SPMD_SPM_AT_SEL2))
-$(eval $(call assert_boolean,TRUSTED_BOARD_BOOT))
-$(eval $(call assert_boolean,USE_COHERENT_MEM))
-$(eval $(call assert_boolean,USE_DEBUGFS))
-$(eval $(call assert_boolean,ARM_IO_IN_DTB))
-$(eval $(call assert_boolean,SDEI_IN_FCONF))
-$(eval $(call assert_boolean,SEC_INT_DESC_IN_FCONF))
-$(eval $(call assert_boolean,USE_ROMLIB))
-$(eval $(call assert_boolean,USE_TBBR_DEFS))
-$(eval $(call assert_boolean,WARMBOOT_ENABLE_DCACHE_EARLY))
-$(eval $(call assert_boolean,BL2_AT_EL3))
-$(eval $(call assert_boolean,BL2_IN_XIP_MEM))
-$(eval $(call assert_boolean,BL2_INV_DCACHE))
-$(eval $(call assert_boolean,USE_SPINLOCK_CAS))
-$(eval $(call assert_boolean,ENCRYPT_BL31))
-$(eval $(call assert_boolean,ENCRYPT_BL32))
-$(eval $(call assert_boolean,ERRATA_SPECULATIVE_AT))
-$(eval $(call assert_boolean,RAS_TRAP_LOWER_EL_ERR_ACCESS))
-$(eval $(call assert_boolean,COT_DESC_IN_DTB))
-$(eval $(call assert_boolean,USE_SP804_TIMER))
+$(eval $(call assert_booleans,\
+ $(sort \
+ ALLOW_RO_XLAT_TABLES \
+ COLD_BOOT_SINGLE_CPU \
+ CREATE_KEYS \
+ CTX_INCLUDE_AARCH32_REGS \
+ CTX_INCLUDE_FPREGS \
+ CTX_INCLUDE_PAUTH_REGS \
+ CTX_INCLUDE_MTE_REGS \
+ CTX_INCLUDE_EL2_REGS \
+ DEBUG \
+ DYN_DISABLE_AUTH \
+ EL3_EXCEPTION_HANDLING \
+ ENABLE_AMU \
+ ENABLE_ASSERTIONS \
+ ENABLE_MPAM_FOR_LOWER_ELS \
+ ENABLE_PIE \
+ ENABLE_PMF \
+ ENABLE_PSCI_STAT \
+ ENABLE_RUNTIME_INSTRUMENTATION \
+ ENABLE_SPE_FOR_LOWER_ELS \
+ ENABLE_SVE_FOR_NS \
+ ERROR_DEPRECATED \
+ FAULT_INJECTION_SUPPORT \
+ GENERATE_COT \
+ GICV2_G0_FOR_EL3 \
+ HANDLE_EA_EL3_FIRST \
+ HW_ASSISTED_COHERENCY \
+ INVERTED_MEMMAP \
+ MEASURED_BOOT \
+ NS_TIMER_SWITCH \
+ OVERRIDE_LIBC \
+ PL011_GENERIC_UART \
+ PROGRAMMABLE_RESET_ADDRESS \
+ PSCI_EXTENDED_STATE_ID \
+ RAS_EXTENSION \
+ RESET_TO_BL31 \
+ SAVE_KEYS \
+ SEPARATE_CODE_AND_RODATA \
+ SEPARATE_NOBITS_REGION \
+ SPIN_ON_BL1_EXIT \
+ SPM_MM \
+ SPMD_SPM_AT_SEL2 \
+ TRUSTED_BOARD_BOOT \
+ USE_COHERENT_MEM \
+ USE_DEBUGFS \
+ ARM_IO_IN_DTB \
+ SDEI_IN_FCONF \
+ SEC_INT_DESC_IN_FCONF \
+ USE_ROMLIB \
+ USE_TBBR_DEFS \
+ WARMBOOT_ENABLE_DCACHE_EARLY \
+ BL2_AT_EL3 \
+ BL2_IN_XIP_MEM \
+ BL2_INV_DCACHE \
+ USE_SPINLOCK_CAS \
+ ENCRYPT_BL31 \
+ ENCRYPT_BL32 \
+ ERRATA_SPECULATIVE_AT \
+ RAS_TRAP_LOWER_EL_ERR_ACCESS \
+ COT_DESC_IN_DTB \
+ USE_SP804_TIMER \
+)))
-$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
-$(eval $(call assert_numeric,ARM_ARCH_MINOR))
-$(eval $(call assert_numeric,BRANCH_PROTECTION))
-$(eval $(call assert_numeric,FW_ENC_STATUS))
+$(eval $(call assert_numerics,\
+ $(sort \
+ ARM_ARCH_MAJOR \
+ ARM_ARCH_MINOR \
+ BRANCH_PROTECTION \
+ FW_ENC_STATUS \
+)))
ifdef KEY_SIZE
$(eval $(call assert_numeric,KEY_SIZE))
@@ -935,68 +941,71 @@
# platform to overwrite the default options
################################################################################
-$(eval $(call add_define,ALLOW_RO_XLAT_TABLES))
-$(eval $(call add_define,ARM_ARCH_MAJOR))
-$(eval $(call add_define,ARM_ARCH_MINOR))
-$(eval $(call add_define,COLD_BOOT_SINGLE_CPU))
-$(eval $(call add_define,CTX_INCLUDE_AARCH32_REGS))
-$(eval $(call add_define,CTX_INCLUDE_FPREGS))
-$(eval $(call add_define,CTX_INCLUDE_PAUTH_REGS))
-$(eval $(call add_define,EL3_EXCEPTION_HANDLING))
-$(eval $(call add_define,CTX_INCLUDE_MTE_REGS))
-$(eval $(call add_define,CTX_INCLUDE_EL2_REGS))
-$(eval $(call add_define,DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT}))
-$(eval $(call add_define,ENABLE_AMU))
-$(eval $(call add_define,ENABLE_ASSERTIONS))
-$(eval $(call add_define,ENABLE_BTI))
-$(eval $(call add_define,ENABLE_MPAM_FOR_LOWER_ELS))
-$(eval $(call add_define,ENABLE_PAUTH))
-$(eval $(call add_define,ENABLE_PIE))
-$(eval $(call add_define,ENABLE_PMF))
-$(eval $(call add_define,ENABLE_PSCI_STAT))
-$(eval $(call add_define,ENABLE_RUNTIME_INSTRUMENTATION))
-$(eval $(call add_define,ENABLE_SPE_FOR_LOWER_ELS))
-$(eval $(call add_define,ENABLE_SVE_FOR_NS))
-$(eval $(call add_define,ENCRYPT_BL31))
-$(eval $(call add_define,ENCRYPT_BL32))
-$(eval $(call add_define,ERROR_DEPRECATED))
-$(eval $(call add_define,FAULT_INJECTION_SUPPORT))
-$(eval $(call add_define,GICV2_G0_FOR_EL3))
-$(eval $(call add_define,HANDLE_EA_EL3_FIRST))
-$(eval $(call add_define,HW_ASSISTED_COHERENCY))
-$(eval $(call add_define,LOG_LEVEL))
-$(eval $(call add_define,MEASURED_BOOT))
-$(eval $(call add_define,NS_TIMER_SWITCH))
-$(eval $(call add_define,PL011_GENERIC_UART))
-$(eval $(call add_define,PLAT_${PLAT}))
-$(eval $(call add_define,PROGRAMMABLE_RESET_ADDRESS))
-$(eval $(call add_define,PSCI_EXTENDED_STATE_ID))
-$(eval $(call add_define,RAS_EXTENSION))
-$(eval $(call add_define,RESET_TO_BL31))
-$(eval $(call add_define,SEPARATE_CODE_AND_RODATA))
-$(eval $(call add_define,SEPARATE_NOBITS_REGION))
-$(eval $(call add_define,RECLAIM_INIT_CODE))
-$(eval $(call add_define,SPD_${SPD}))
-$(eval $(call add_define,SPIN_ON_BL1_EXIT))
-$(eval $(call add_define,SPM_MM))
-$(eval $(call add_define,SPMD_SPM_AT_SEL2))
-$(eval $(call add_define,TRUSTED_BOARD_BOOT))
-$(eval $(call add_define,USE_COHERENT_MEM))
-$(eval $(call add_define,USE_DEBUGFS))
-$(eval $(call add_define,ARM_IO_IN_DTB))
-$(eval $(call add_define,SDEI_IN_FCONF))
-$(eval $(call add_define,SEC_INT_DESC_IN_FCONF))
-$(eval $(call add_define,USE_ROMLIB))
-$(eval $(call add_define,USE_TBBR_DEFS))
-$(eval $(call add_define,WARMBOOT_ENABLE_DCACHE_EARLY))
-$(eval $(call add_define,BL2_AT_EL3))
-$(eval $(call add_define,BL2_IN_XIP_MEM))
-$(eval $(call add_define,BL2_INV_DCACHE))
-$(eval $(call add_define,USE_SPINLOCK_CAS))
-$(eval $(call add_define,ERRATA_SPECULATIVE_AT))
-$(eval $(call add_define,RAS_TRAP_LOWER_EL_ERR_ACCESS))
-$(eval $(call add_define,COT_DESC_IN_DTB))
-$(eval $(call add_define,USE_SP804_TIMER))
+$(eval $(call add_defines,\
+ $(sort \
+ ALLOW_RO_XLAT_TABLES \
+ ARM_ARCH_MAJOR \
+ ARM_ARCH_MINOR \
+ COLD_BOOT_SINGLE_CPU \
+ CTX_INCLUDE_AARCH32_REGS \
+ CTX_INCLUDE_FPREGS \
+ CTX_INCLUDE_PAUTH_REGS \
+ EL3_EXCEPTION_HANDLING \
+ CTX_INCLUDE_MTE_REGS \
+ CTX_INCLUDE_EL2_REGS \
+ DECRYPTION_SUPPORT_${DECRYPTION_SUPPORT} \
+ ENABLE_AMU \
+ ENABLE_ASSERTIONS \
+ ENABLE_BTI \
+ ENABLE_MPAM_FOR_LOWER_ELS \
+ ENABLE_PAUTH \
+ ENABLE_PIE \
+ ENABLE_PMF \
+ ENABLE_PSCI_STAT \
+ ENABLE_RUNTIME_INSTRUMENTATION \
+ ENABLE_SPE_FOR_LOWER_ELS \
+ ENABLE_SVE_FOR_NS \
+ ENCRYPT_BL31 \
+ ENCRYPT_BL32 \
+ ERROR_DEPRECATED \
+ FAULT_INJECTION_SUPPORT \
+ GICV2_G0_FOR_EL3 \
+ HANDLE_EA_EL3_FIRST \
+ HW_ASSISTED_COHERENCY \
+ LOG_LEVEL \
+ MEASURED_BOOT \
+ NS_TIMER_SWITCH \
+ PL011_GENERIC_UART \
+ PLAT_${PLAT} \
+ PROGRAMMABLE_RESET_ADDRESS \
+ PSCI_EXTENDED_STATE_ID \
+ RAS_EXTENSION \
+ RESET_TO_BL31 \
+ SEPARATE_CODE_AND_RODATA \
+ SEPARATE_NOBITS_REGION \
+ RECLAIM_INIT_CODE \
+ SPD_${SPD} \
+ SPIN_ON_BL1_EXIT \
+ SPM_MM \
+ SPMD_SPM_AT_SEL2 \
+ TRUSTED_BOARD_BOOT \
+ USE_COHERENT_MEM \
+ USE_DEBUGFS \
+ ARM_IO_IN_DTB \
+ SDEI_IN_FCONF \
+ SEC_INT_DESC_IN_FCONF \
+ USE_ROMLIB \
+ USE_TBBR_DEFS \
+ WARMBOOT_ENABLE_DCACHE_EARLY \
+ BL2_AT_EL3 \
+ BL2_IN_XIP_MEM \
+ BL2_INV_DCACHE \
+ USE_SPINLOCK_CAS \
+ ERRATA_SPECULATIVE_AT \
+ RAS_TRAP_LOWER_EL_ERR_ACCESS \
+ COT_DESC_IN_DTB \
+ USE_SP804_TIMER \
+)))
ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS))
@@ -1157,7 +1166,13 @@
clean:
@echo " CLEAN"
$(call SHELL_REMOVE_DIR,${BUILD_PLAT})
+ifdef UNIX_MK
${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean
+else
+# Clear the MAKEFLAGS as we do not want
+# to pass the gnumake flags to nmake.
+ ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean
+endif
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean
${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean
@@ -1166,7 +1181,13 @@
@echo " REALCLEAN"
$(call SHELL_REMOVE_DIR,${BUILD_BASE})
$(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*)
+ifdef UNIX_MK
${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean
+else
+# Clear the MAKEFLAGS as we do not want
+# to pass the gnumake flags to nmake.
+ ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean
+endif
${Q}${MAKE} --no-print-directory -C ${SPTOOLPATH} clean
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean
@@ -1252,7 +1273,16 @@
.PHONY: ${FIPTOOL}
${FIPTOOL}:
+ @${ECHO_BLANK_LINE}
+ @echo "Building $@"
+ifdef UNIX_MK
${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} --no-print-directory -C ${FIPTOOLPATH}
+else
+# Clear the MAKEFLAGS as we do not want
+# to pass the gnumake flags to nmake.
+ ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL))
+endif
+ @${ECHO_BLANK_LINE}
sptool: ${SPTOOL}
.PHONY: ${SPTOOL}
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 0948e94..735d1fc 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -89,10 +89,16 @@
CRASH_REPORTING := $(DEBUG)
endif
-$(eval $(call assert_boolean,CRASH_REPORTING))
-$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
-$(eval $(call assert_boolean,SDEI_SUPPORT))
+$(eval $(call assert_booleans,\
+ $(sort \
+ CRASH_REPORTING \
+ EL3_EXCEPTION_HANDLING \
+ SDEI_SUPPORT \
+)))
-$(eval $(call add_define,CRASH_REPORTING))
-$(eval $(call add_define,EL3_EXCEPTION_HANDLING))
-$(eval $(call add_define,SDEI_SUPPORT))
+$(eval $(call add_defines,\
+ $(sort \
+ CRASH_REPORTING \
+ EL3_EXCEPTION_HANDLING \
+ SDEI_SUPPORT \
+)))
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index 50abc81..ab2d3f9 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -64,6 +64,8 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:M: Javier Almansa Sobrino <Javier.AlmansaSobrino@arm.com>
:G: `javieralso-arm`_
+:M: Chris Kay <chris.kay@arm.com>
+:G: `CJkay`_
:F: /
Software Delegated Exception Interface (SDEI)
@@ -521,8 +523,7 @@
UniPhier platform port
^^^^^^^^^^^^^^^^^^^^^^
-:M: Masahiro Yamada <yamada.masahiro@socionext.com>
-:G: `masahir0y`_
+:M: Orphan
:F: docs/plat/socionext-uniphier.rst
:F: plat/socionext/uniphier/
@@ -646,5 +647,6 @@
.. _madhukar-Arm: https://github.com/madhukar-Arm
.. _john-powell-arm: https://github.com/john-powell-arm
.. _raghuncstate: https://github.com/raghuncstate
+.. _CJKay: https://github.com/cjkay
.. _Project Maintenance Process: https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index c58cd08..9a65e64 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -283,18 +283,25 @@
paths to the SP binary image and associated DTS partition manifest file.
The latter is going through the dtc compiler to generate the dtb fed into
the SP package.
+This file also specifies the owner of the SP, which is an optional field and
+identifies the signing domain in case of dualroot CoT.
+The possible owner of an SP could either be Silicon Provider or Platform, and
+the corresponding "owner" field value could either be "SiP" or "Plat".
+In absence of "owner" field, it defaults to "SiP".
.. code:: shell
{
"tee1" : {
"image": "tee1.bin",
- "pm": "tee1.dts"
+ "pm": "tee1.dts",
+ "owner": "SiP"
},
"tee2" : {
"image": "tee2.bin",
- "pm": "tee2.dts"
+ "pm": "tee2.dts",
+ "owner": "Plat"
}
}
@@ -376,8 +383,9 @@
The multiple-signing domain feature (in current state dual signing domain) allows
the use of two root keys namely S-ROTPK and NS-ROTPK (see `[8]`_):
-- SPMC(BL32), SPMC manifest, SPs may be signed by the SiP using the S-ROTPK.
+- SPMC (BL32) and SPMC manifest are signed by the SiP using the S-ROTPK.
- BL33 may be signed by the OEM using NS-ROTPK.
+- An SP may be signed either by SiP (using S-ROTPK) or by OEM (using NS-ROTPK).
Longer term multiple signing domain will allow additional signing keys, e.g.
if SPs originate from different parties.
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 33b5090..3c0e30f 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -294,6 +294,9 @@
- ``ERRATA_N1_1542419``: This applies errata 1542419 workaround to Neoverse-N1
CPU. This needs to be enabled only for revisions r3p0 - r4p0 of the CPU.
+- ``ERRATA_N1_1868343``: This applies errata 1868343 workaround to Neoverse-N1
+ CPU. This needs to be enabled only for revision <= r4p0 of the CPU.
+
DSU Errata Workarounds
----------------------
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index a357d58..c12e73f 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -369,7 +369,7 @@
For AArch64, BL2 performs the minimal architectural initialization required
for subsequent stages of TF-A and normal world software. EL1 and EL0 are given
-access to Floating Point and Advanced SIMD registers by clearing the
+access to Floating Point and Advanced SIMD registers by setting the
``CPACR.FPEN`` bits.
For AArch32, the minimal architectural initialization required for subsequent
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index b4fe404..40fc5db 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -300,6 +300,10 @@
handled at EL3, and a panic will result. This is supported only for AArch64
builds.
+- ``EVENT_LOG_LEVEL``: Chooses the log level to use for Measured Boot when
+ ``MEASURED_BOOT`` is enabled. For a list of valid values, see ``LOG_LEVEL``.
+ Default value is 40 (LOG_LEVEL_INFO).
+
- ``FAULT_INJECTION_SUPPORT``: ARMv8.4 extensions introduced support for fault
injection from lower ELs, and this build option enables lower ELs to use
Error Records accessed via System Registers to inject faults. This is
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst
index 9708604..ef319e4 100644
--- a/docs/process/coding-guidelines.rst
+++ b/docs/process/coding-guidelines.rst
@@ -19,6 +19,7 @@
Use of the EditorConfig file is suggested but is not required.
+.. _automatic-compliance-checking:
Automatic Compliance Checking
-----------------------------
@@ -441,6 +442,25 @@
These guidelines should be updated if additional types are needed.
+Favor C language over assembly language
+---------------------------------------
+
+Generally, prefer code written in C over assembly. Assembly code is less
+portable, harder to understand, maintain and audit security wise. Also, static
+analysis tools generally don't analyze assembly code.
+
+There are, however, legitimate uses of assembly language. These include:
+
+ - Early boot code executed before the C runtime environment is setup.
+
+ - Exception handling code.
+
+ - Low-level code where the exact sequence of instructions executed on the CPU
+ matters, such as CPU reset sequences.
+
+ - Low-level code where specific system-level instructions must be used, such
+ as cache maintenance operations.
+
--------------
*Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst
index bdfb6d6..0b3b848 100644
--- a/docs/process/contributing.rst
+++ b/docs/process/contributing.rst
@@ -29,19 +29,53 @@
- Make commits of logical units. See these general `Git guidelines`_ for
contributing to a project.
-- Follow the :ref:`Coding Style` and :ref:`Coding Guidelines`.
-
- - Use the checkpatch.pl script provided with the Linux source tree. A
- Makefile target is provided for convenience.
-
- Keep the commits on topic. If you need to fix another bug or make another
enhancement, please address it on a separate topic branch.
+- Split the patch in manageable units. Small patches are usually easier to
+ review so this will speed up the review process.
+
- Avoid long commit series. If you do have a long series, consider whether
some commits should be squashed together or addressed in a separate topic.
-- Make sure your commit messages are in the proper format. If a commit fixes
- an `issue`_, include a reference.
+- Ensure that each commit in the series has at least one ``Signed-off-by:``
+ line, using your real name and email address. The names in the
+ ``Signed-off-by:`` and ``Commit:`` lines must match. By adding this line the
+ contributor certifies the contribution is made under the terms of the
+ :download:`Developer Certificate of Origin <../../dco.txt>`.
+
+ There might be multiple ``Signed-off-by:`` lines, depending on the history
+ of the patch.
+
+ More details may be found in the `Gerrit Signed-off-by Lines guidelines`_.
+
+- Ensure that each commit also has a unique ``Change-Id:`` line. If you have
+ cloned the repository with the "`Clone with commit-msg hook`" clone method
+ (following the :ref:`Prerequisites` document), this should already be the
+ case.
+
+ More details may be found in the `Gerrit Change-Ids documentation`_.
+
+- Write informative and comprehensive commit messages. A good commit message
+ provides all the background information needed for reviewers to understand
+ the intent and rationale of the patch. This information is also useful for
+ future reference.
+
+ For example:
+
+ - What does the patch do?
+ - What motivated it?
+ - What impact does it have?
+ - How was it tested?
+ - Have alternatives been considered? Why did you choose this approach over
+ another one?
+ - If it fixes an `issue`_, include a reference.
+
+- Follow the :ref:`Coding Style` and :ref:`Coding Guidelines`.
+
+ - Use the checkpatch.pl script provided with the Linux source tree. A
+ Makefile target is provided for convenience, see :ref:`this
+ section<automatic-compliance-checking>` for more details.
- Where appropriate, please update the documentation.
@@ -74,49 +108,85 @@
is the year of most recent contribution. <OWNER> is your name or your company
name.
+- Ensure that each patch in the patch series compiles in all supported
+ configurations. Patches which do not compile will not be merged.
+
- Please test your changes. As a minimum, ensure that Linux boots on the
Foundation FVP. See :ref:`Arm Fixed Virtual Platforms (FVP)` for more
information. For more extensive testing, consider running the `TF-A Tests`_
against your patches.
+- Ensure that all CI automated tests pass. Failures should be fixed. They might
+ block a patch, depending on how critical they are.
+
Submitting Changes
------------------
-- Ensure that each commit in the series has at least one ``Signed-off-by:``
- line, using your real name and email address. The names in the
- ``Signed-off-by:`` and ``Author:`` lines must match. If anyone else
- contributes to the commit, they must also add their own ``Signed-off-by:``
- line. By adding this line the contributor certifies the contribution is made
- under the terms of the
- :download:`Developer Certificate of Origin <../../dco.txt>`.
+- Submit your changes for review at https://review.trustedfirmware.org
+ targeting the ``integration`` branch.
- More details may be found in the `Gerrit Signed-off-by Lines guidelines`_.
+- Add reviewers for your patch:
-- Ensure that each commit also has a unique ``Change-Id:`` line. If you have
- cloned the repository with the "`Clone with commit-msg hook`" clone method
- (following the :ref:`Prerequisites` document), this should already be the
- case.
+ - At least one code owner for each module modified by the patch. See the list
+ of modules and their :ref:`code owners`.
- More details may be found in the `Gerrit Change-Ids documentation`_.
+ - At least one maintainer. See the list of :ref:`maintainers`.
-- Submit your changes for review at https://review.trustedfirmware.org
- targeting the ``integration`` branch.
+ - If some module has no code owner, try to identify a suitable (non-code
+ owner) reviewer. Running ``git blame`` on the module's source code can
+ help, as it shows who has been working the most recently on this area of
+ the code.
- - The changes will then undergo further review and testing by the
- :ref:`code owners` and :ref:`maintainers`. Any review comments will be
- made directly on your patch. This may require you to do some rework. For
- controversial changes, the discussion might be moved to the `TF-A mailing
- list`_ to involve more of the community.
+ Alternatively, if it is impractical to identify such a reviewer, you might
+ send an email to the `TF-A mailing list`_ to broadcast your review request
+ to the community.
+
+ Note that self-reviewing a patch is prohibited, even if the patch author is
+ the only code owner of a module modified by the patch. Getting a second pair
+ of eyes on the code is essential to keep up with the quality standards the
+ project aspires to.
+
+- The changes will then undergo further review by the designated people. Any
+ review comments will be made directly on your patch. This may require you to
+ do some rework. For controversial changes, the discussion might be moved to
+ the `TF-A mailing list`_ to involve more of the community.
Refer to the `Gerrit Uploading Changes documentation`_ for more details.
+- The patch submission rules are the following. For a patch to be approved
+ and merged in the tree, it must get:
+
+ - One ``Code-Owner-Review+1`` for each of the modules modified by the patch.
+ - A ``Maintainer-Review+1``.
+
+ In the case where a code owner could not be found for a given module,
+ ``Code-Owner-Review+1`` is substituted by ``Code-Review+1``.
+
+ In addition to these various code review labels, the patch must also get a
+ ``Verified+1``. This is usually set by the Continuous Integration (CI) bot
+ when all automated tests passed on the patch. Sometimes, some of these
+ automated tests may fail for reasons unrelated to the patch. In this case,
+ the maintainers might (after analysis of the failures) override the CI bot
+ score to certify that the patch has been correctly tested.
+
+ In the event where the CI system lacks proper tests for a patch, the patch
+ author or a reviewer might agree to perform additional manual tests
+ in their review and the reviewer incorporates the review of the additional
+ testing in the ``Code-Review+1`` or ``Code-Owner-Review+1`` as applicable to
+ attest that the patch works as expected. Where possible additional tests should
+ be added to the CI system as a follow up task. For example, for a
+ platform-dependent patch where the said platform is not available in the CI
+ system's board farm.
+
- When the changes are accepted, the :ref:`maintainers` will integrate them.
- Typically, the :ref:`maintainers` will merge the changes into the
``integration`` branch.
+
- If the changes are not based on a sufficiently-recent commit, or if they
cannot be automatically rebased, then the :ref:`maintainers` may rebase it
on the ``integration`` branch or ask you to do so.
+
- After final integration testing, the changes will make their way into the
``master`` branch. If a problem is found during integration, the
:ref:`maintainers` will request your help to solve the issue. They may
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 94f2f59..8454105 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -98,10 +98,13 @@
endif
# Needs to be set to drive mbed TLS configuration correctly
-$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
-$(eval $(call add_define,TF_MBEDTLS_KEY_SIZE))
-$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))
-$(eval $(call add_define,TF_MBEDTLS_USE_AES_GCM))
+$(eval $(call add_defines,\
+ $(sort \
+ TF_MBEDTLS_KEY_ALG_ID \
+ TF_MBEDTLS_KEY_SIZE \
+ TF_MBEDTLS_HASH_ALG_ID \
+ TF_MBEDTLS_USE_AES_GCM \
+)))
$(eval $(call MAKE_LIB,mbedtls))
diff --git a/drivers/marvell/ccu.c b/drivers/marvell/ccu.c
index c73516e..ecf5091 100644
--- a/drivers/marvell/ccu.c
+++ b/drivers/marvell/ccu.c
@@ -30,6 +30,9 @@
((tgt) == DRAM_1_TID) || \
((tgt) == RAR_TID)) ? 1 : 0)
+#define CCU_RGF(win) (MVEBU_CCU_BASE(MVEBU_AP0) + \
+ 0x90 + 4 * (win))
+
/* For storage of CR, SCR, ALR, AHR abd GCR */
static uint32_t ccu_regs_save[MVEBU_CCU_MAX_WINS * 4 + 1];
@@ -366,3 +369,17 @@
return 0;
}
+
+void errata_wa_init(void)
+{
+ /*
+ * EERATA ID: RES-3033912 - Internal Address Space Init state causes
+ * a hang upon accesses to [0xf070_0000, 0xf07f_ffff]
+ * Workaround: Boot Firmware (ATF) should configure CCU_RGF_WIN(4) to
+ * split [0x6e_0000, 0xff_ffff] to values [0x6e_0000, 0x6f_ffff] and
+ * [0x80_0000, 0xff_ffff] that cause accesses to the
+ * segment of [0xf070_0000, 0xf07f_ffff] to act as RAZWI.
+ */
+ mmio_write_32(CCU_RGF(4), 0x37f9b809);
+ mmio_write_32(CCU_RGF(5), 0x7ffa0009);
+}
diff --git a/drivers/marvell/mochi/ap807_setup.c b/drivers/marvell/mochi/ap807_setup.c
index 7b68195..7cdfe05 100644
--- a/drivers/marvell/mochi/ap807_setup.c
+++ b/drivers/marvell/mochi/ap807_setup.c
@@ -117,6 +117,8 @@
reg |= (0x1 << CCU_SET_POC_OFFSET);
mmio_write_32(CCU_HTC_CR, reg);
#endif /* LLC_ENABLE */
+
+ errata_wa_init();
}
diff --git a/drivers/marvell/mochi/apn806_setup.c b/drivers/marvell/mochi/apn806_setup.c
index 1a02bd4..b8925d9 100644
--- a/drivers/marvell/mochi/apn806_setup.c
+++ b/drivers/marvell/mochi/apn806_setup.c
@@ -28,9 +28,6 @@
0x200)
#define CCU_SET_POC_OFFSET 5
-#define CCU_RGF(win) (MVEBU_CCU_BASE(MVEBU_AP0) + \
- 0x90 + 4 * (win))
-
#define DSS_CR0 (MVEBU_RFU_BASE + 0x100)
#define DVM_48BIT_VA_ENABLE (1 << 21)
@@ -95,20 +92,6 @@
mmio_write_32(SMMU_sACR, reg);
}
-static void apn806_errata_wa_init(void)
-{
- /*
- * ERRATA ID: RES-3033912 - Internal Address Space Init state causes
- * a hang upon accesses to [0xf070_0000, 0xf07f_ffff]
- * Workaround: Boot Firmware (ATF) should configure CCU_RGF_WIN(4) to
- * split [0x6e_0000, 0xff_ffff] to values [0x6e_0000, 0x6f_ffff] and
- * [0x80_0000, 0xff_ffff] that cause accesses to the
- * segment of [0xf070_0000, 0xf07f_ffff] to act as RAZWI.
- */
- mmio_write_32(CCU_RGF(4), 0x37f9b809);
- mmio_write_32(CCU_RGF(5), 0x7ffa0009);
-}
-
static void init_aurora2(void)
{
uint32_t reg;
@@ -131,7 +114,7 @@
mmio_write_32(CCU_HTC_CR, reg);
#endif /* LLC_ENABLE */
- apn806_errata_wa_init();
+ errata_wa_init();
}
diff --git a/drivers/measured_boot/measured_boot.mk b/drivers/measured_boot/measured_boot.mk
index fc005d5..497fdba 100644
--- a/drivers/measured_boot/measured_boot.mk
+++ b/drivers/measured_boot/measured_boot.mk
@@ -4,6 +4,9 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+# Default log level to dump the event log (LOG_LEVEL_INFO)
+EVENT_LOG_LEVEL ?= 40
+
# TPM hash algorithm
TPM_HASH_ALG := sha256
@@ -25,10 +28,14 @@
EVENT_LOG_SIZE := 1024
# Set definitions for mbed TLS library and Measured Boot driver
-$(eval $(call add_define,MBEDTLS_MD_ID))
-$(eval $(call add_define,TPM_ALG_ID))
-$(eval $(call add_define,TCG_DIGEST_SIZE))
-$(eval $(call add_define,EVENT_LOG_SIZE))
+$(eval $(call add_defines,\
+ $(sort \
+ MBEDTLS_MD_ID \
+ TPM_ALG_ID \
+ TCG_DIGEST_SIZE \
+ EVENT_LOG_SIZE \
+ EVENT_LOG_LEVEL \
+)))
ifeq (${HASH_ALG}, sha256)
ifneq (${TPM_HASH_ALG}, sha256)
diff --git a/fdts/corstone700_fpga.dts b/fdts/corstone700_fpga.dts
index 814d6a8..1ac0d4b 100644
--- a/fdts/corstone700_fpga.dts
+++ b/fdts/corstone700_fpga.dts
@@ -20,6 +20,13 @@
reg-io-width = <2>;
smsc,irq-push-pull;
};
+
+ usb: usb@4020000 {
+ compatible = "nxp,usb-isp1763";
+ reg = <0x40200000 0x100000>;
+ interrupt-parent = <&gic>;
+ interrupts = <GIC_SPI 114 IRQ_TYPE_LEVEL_HIGH>;
+ };
};
&refclk {
diff --git a/fdts/n1sdp-multi-chip.dts b/fdts/n1sdp-multi-chip.dts
index b58d9d8..8932dfc 100644
--- a/fdts/n1sdp-multi-chip.dts
+++ b/fdts/n1sdp-multi-chip.dts
@@ -53,6 +53,42 @@
<0 1 20>,
<1 1 10>;
};
+
+ smmu_slave_pcie: iommu@4004f400000 {
+ compatible = "arm,smmu-v3";
+ reg = <0x400 0x4f400000 0 0x40000>;
+ interrupts = <GIC_SPI 715 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 716 IRQ_TYPE_EDGE_RISING>,
+ <GIC_SPI 717 IRQ_TYPE_EDGE_RISING>;
+ interrupt-names = "eventq", "cmdq-sync", "gerror";
+ msi-parent = <&its2_slave 0>;
+ #iommu-cells = <1>;
+ dma-coherent;
+ };
+
+ pcie_slave_ctlr: pcie@40070000000 {
+ compatible = "arm,n1sdp-pcie";
+ device_type = "pci";
+ reg = <0x400 0x70000000 0 0x1200000>;
+ bus-range = <0 0xff>;
+ linux,pci-domain = <2>;
+ #address-cells = <3>;
+ #size-cells = <2>;
+ dma-coherent;
+ ranges = <0x01000000 0x00 0x00000000 0x400 0x75200000 0x00 0x00010000>,
+ <0x02000000 0x00 0x71200000 0x400 0x71200000 0x00 0x04000000>,
+ <0x42000000 0x09 0x00000000 0x409 0x00000000 0x20 0x00000000>;
+ #interrupt-cells = <1>;
+ interrupt-map-mask = <0 0 0 7>;
+ interrupt-map = <0 0 0 1 &gic 0 0 0 649 IRQ_TYPE_LEVEL_HIGH>,
+ <0 0 0 2 &gic 0 0 0 650 IRQ_TYPE_LEVEL_HIGH>,
+ <0 0 0 3 &gic 0 0 0 651 IRQ_TYPE_LEVEL_HIGH>,
+ <0 0 0 4 &gic 0 0 0 652 IRQ_TYPE_LEVEL_HIGH>;
+ msi-map = <0 &its_slave_pcie 0 0x10000>;
+ iommu-map = <0 &smmu_slave_pcie 0 0x10000>;
+ status = "okay";
+ };
+
};
&gic {
@@ -60,4 +96,18 @@
reg = <0x0 0x30000000 0 0x10000>, /* GICD */
<0x0 0x300c0000 0 0x80000>, /* GICR */
<0x400 0x300c0000 0 0x80000>; /* GICR */
+
+ its2_slave: its@40030060000 {
+ compatible = "arm,gic-v3-its";
+ msi-controller;
+ #msi-cells = <1>;
+ reg = <0x400 0x30060000 0x0 0x20000>;
+ };
+
+ its_slave_pcie: its@400300a0000 {
+ compatible = "arm,gic-v3-its";
+ msi-controller;
+ #msi-cells = <1>;
+ reg = <0x400 0x300a0000 0x0 0x20000>;
+ };
};
diff --git a/fdts/tc0.dts b/fdts/tc0.dts
index cab39a7..ac097cd 100644
--- a/fdts/tc0.dts
+++ b/fdts/tc0.dts
@@ -224,7 +224,7 @@
port {
vencoder_in: endpoint {
- remote-endpoint = <&hdlcd_out>;
+ remote-endpoint = <&dp_pl0_out0>;
};
};
@@ -250,7 +250,7 @@
interrupts = <0x0 117 0x4>;
clocks = <&fake_hdlcd_clk>;
clock-names = "pxlclk";
- status = "ok";
+ status = "disabled";
port {
hdlcd_out: endpoint {
@@ -339,7 +339,6 @@
interrupt-names = "DPU";
clocks = <&scmi_clk 0>;
clock-names = "aclk";
- status = "disabled";
pl0: pipeline@0 {
reg = <0>;
clocks = <&scmi_clk 1>;
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 3965b58..d1fd52c 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -21,7 +21,7 @@
*/
#define IMG_FLAG_AUTHENTICATED (1 << 0)
-
+#if COT_DESC_IN_DTB && !IMAGE_BL1
/*
* Authentication image descriptor
*/
@@ -29,9 +29,21 @@
unsigned int img_id;
img_type_t img_type;
const struct auth_img_desc_s *parent;
+ auth_method_desc_t *img_auth_methods;
+ auth_param_desc_t *authenticated_data;
+} auth_img_desc_t;
+#else
+/*
+ * Authentication image descriptor
+ */
+typedef struct auth_img_desc_s {
+ unsigned int img_id;
+ img_type_t img_type;
+ const struct auth_img_desc_s *parent;
const auth_method_desc_t *const img_auth_methods;
const auth_param_desc_t *const authenticated_data;
} auth_img_desc_t;
+#endif /* COT_DESC_IN_DTB && !IMAGE_BL1 */
/* Public functions */
void auth_mod_init(void);
diff --git a/include/drivers/marvell/ccu.h b/include/drivers/marvell/ccu.h
index 413ffb9..f8f0adf 100644
--- a/include/drivers/marvell/ccu.h
+++ b/include/drivers/marvell/ccu.h
@@ -47,6 +47,7 @@
void ccu_save_win_all(int ap_id);
void ccu_restore_win_all(int ap_id);
int ccu_is_win_enabled(int ap_index, uint32_t win_id);
+void errata_wa_init(void);
#endif
#endif /* CCU_H */
diff --git a/include/drivers/measured_boot/event_log.h b/include/drivers/measured_boot/event_log.h
index 10dfbb3..efde117 100644
--- a/include/drivers/measured_boot/event_log.h
+++ b/include/drivers/measured_boot/event_log.h
@@ -20,8 +20,6 @@
* LOG_LEVEL_WARNING
* LOG_LEVEL_VERBOSE
*/
-#define EVENT_LOG_LEVEL LOG_LEVEL_INFO
-
#if EVENT_LOG_LEVEL == LOG_LEVEL_ERROR
#define LOG_EVENT ERROR
#elif EVENT_LOG_LEVEL == LOG_LEVEL_NOTICE
diff --git a/include/lib/cpus/aarch64/neoverse_n1.h b/include/lib/cpus/aarch64/neoverse_n1.h
index b50befa..9998b93 100644
--- a/include/lib/cpus/aarch64/neoverse_n1.h
+++ b/include/lib/cpus/aarch64/neoverse_n1.h
@@ -64,4 +64,12 @@
#define CPUPOR_EL3 S3_6_C15_C8_2
#define CPUPMR_EL3 S3_6_C15_C8_3
+/******************************************************************************
+ * CPU Configuration register definitions.
+ *****************************************************************************/
+#define CPUCFR_EL1 S3_0_C15_C0_0
+
+/* SCU bit of CPU Configuration Register, EL1 */
+#define SCU_SHIFT U(2)
+
#endif /* NEOVERSE_N1_H */
diff --git a/include/lib/libc/stdio.h b/include/lib/libc/stdio.h
index 2d9e655..ba13683 100644
--- a/include/lib/libc/stdio.h
+++ b/include/lib/libc/stdio.h
@@ -22,6 +22,7 @@
#ifdef STDARG_H
int vprintf(const char *fmt, va_list args);
+int vsnprintf(char *s, size_t n, const char *fmt, va_list args);
#endif
int putchar(int c);
diff --git a/include/lib/libc/string.h b/include/lib/libc/string.h
index 71774b0..9894483 100644
--- a/include/lib/libc/string.h
+++ b/include/lib/libc/string.h
@@ -4,7 +4,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
- * Portions copyright (c) 2018-2019, ARM Limited and Contributors.
+ * Portions copyright (c) 2018-2020, ARM Limited and Contributors.
* All rights reserved.
*/
@@ -26,5 +26,7 @@
size_t strnlen(const char *s, size_t maxlen);
char *strrchr(const char *p, int ch);
size_t strlcpy(char * dst, const char * src, size_t dsize);
+size_t strlcat(char * dst, const char * src, size_t dsize);
+char *strtok_r(char *s, const char *delim, char **last);
#endif /* STRING_H */
diff --git a/include/lib/psci/psci_lib.h b/include/lib/psci/psci_lib.h
index 76c1a8d..1ac45ad 100644
--- a/include/lib/psci/psci_lib.h
+++ b/include/lib/psci/psci_lib.h
@@ -89,6 +89,8 @@
void psci_register_spd_pm_hook(const spd_pm_ops_t *pm);
void psci_prepare_next_non_secure_ctx(
entry_point_info_t *next_image_info);
+int psci_stop_other_cores(unsigned int wait_ms,
+ void (*stop_func)(u_register_t mpidr));
#endif /* __ASSEMBLER__ */
#endif /* PSCI_LIB_H */
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 293e7ce..c018643 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -568,7 +568,7 @@
#define PLAT_SDEI_NORMAL_PRI 0x70
/* ARM platforms use 3 upper bits of secure interrupt priority */
-#define ARM_PRI_BITS 3
+#define PLAT_PRI_BITS 3
/* SGI used for SDEI signalling */
#define ARM_SDEI_SGI ARM_IRQ_SEC_SGI_0
diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
index 37d87d3..c789f79 100644
--- a/include/tools_share/tbbr_oid.h
+++ b/include/tools_share/tbbr_oid.h
@@ -7,6 +7,8 @@
#ifndef TBBR_OID_H
#define TBBR_OID_H
+#define MAX_OID_NAME_LEN 30
+
/*
* The following is a list of OID values defined and reserved by ARM, which
* are used to define the extension fields of the certificate structure, as
diff --git a/lib/cpus/aarch64/dsu_helpers.S b/lib/cpus/aarch64/dsu_helpers.S
index 100ffaa..da052d5 100644
--- a/lib/cpus/aarch64/dsu_helpers.S
+++ b/lib/cpus/aarch64/dsu_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -72,18 +72,36 @@
* This function is called from both assembly and C environment. So it
* follows AAPCS.
*
- * Clobbers: x0-x3
+ * Clobbers: x0-x15
* -----------------------------------------------------------------------
*/
.globl check_errata_dsu_936184
.globl errata_dsu_936184_wa
+ .weak is_scu_present_in_dsu
+
+ /* --------------------------------------------------------------------
+ * Default behaviour respresents SCU is always present with DSU.
+ * CPUs can override this definition if required.
+ *
+ * Can clobber only: x0-x14
+ * --------------------------------------------------------------------
+ */
+func is_scu_present_in_dsu
+ mov x0, #1
+ ret
+endfunc is_scu_present_in_dsu
func check_errata_dsu_936184
- mov x2, #ERRATA_NOT_APPLIES
- mov x3, #ERRATA_APPLIES
+ mov x15, x30
+ bl is_scu_present_in_dsu
+ cmp x0, xzr
+ /* Default error status */
+ mov x0, #ERRATA_NOT_APPLIES
+
+ /* If SCU is not present, return without applying patch */
+ b.eq 1f
/* Erratum applies only if DSU has the ACP interface */
- mov x0, x2
mrs x1, CLUSTERCFR_EL1
ubfx x1, x1, #CLUSTERCFR_ACP_SHIFT, #1
cbz x1, 1f
@@ -92,13 +110,13 @@
mrs x1, CLUSTERIDR_EL1
/* DSU variant and revision bitfields in CLUSTERIDR are adjacent */
- ubfx x0, x1, #CLUSTERIDR_REV_SHIFT,\
+ ubfx x2, x1, #CLUSTERIDR_REV_SHIFT,\
#(CLUSTERIDR_REV_BITS + CLUSTERIDR_VAR_BITS)
- mov x1, #(0x2 << CLUSTERIDR_VAR_SHIFT)
- cmp x0, x1
- csel x0, x2, x3, hs
+ cmp x2, #(0x2 << CLUSTERIDR_VAR_SHIFT)
+ b.hs 1f
+ mov x0, #ERRATA_APPLIES
1:
- ret
+ ret x15
endfunc check_errata_dsu_936184
/* --------------------------------------------------
diff --git a/lib/cpus/aarch64/neoverse_n1.S b/lib/cpus/aarch64/neoverse_n1.S
index d537ed6..03ee472 100644
--- a/lib/cpus/aarch64/neoverse_n1.S
+++ b/lib/cpus/aarch64/neoverse_n1.S
@@ -22,6 +22,19 @@
#endif
.global neoverse_n1_errata_ic_trap_handler
+ .global is_scu_present_in_dsu
+
+/*
+ * Check DSU is configured with SCU and L3 unit
+ * 1-> SCU present
+ * 0-> SCU not present
+ */
+func is_scu_present_in_dsu
+ mrs x0, CPUCFR_EL1
+ ubfx x0, x0, #SCU_SHIFT, #1
+ eor x0, x0, #1
+ ret
+endfunc is_scu_present_in_dsu
/* --------------------------------------------------
* Errata Workaround for Neoverse N1 Erratum 1043202.
@@ -375,6 +388,38 @@
b cpu_rev_var_range
endfunc check_errata_1542419
+ /* --------------------------------------------------
+ * Errata Workaround for Neoverse N1 Errata #1868343.
+ * This applies to revision <= r4p0 of Neoverse N1.
+ * This workaround is the same as the workaround for
+ * errata 1262606 and 1275112 but applies to a wider
+ * revision range.
+ * Inputs:
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * --------------------------------------------------
+ */
+func errata_n1_1868343_wa
+ /*
+ * Compare x0 against revision r4p0
+ */
+ mov x17, x30
+ bl check_errata_1868343
+ cbz x0, 1f
+ mrs x1, NEOVERSE_N1_CPUACTLR_EL1
+ orr x1, x1, NEOVERSE_N1_CPUACTLR_EL1_BIT_13
+ msr NEOVERSE_N1_CPUACTLR_EL1, x1
+ isb
+1:
+ ret x17
+endfunc errata_n1_1868343_wa
+
+func check_errata_1868343
+ /* Applies to everything <= r4p0 */
+ mov x1, #0x40
+ b cpu_rev_var_ls
+endfunc check_errata_1868343
+
func neoverse_n1_reset_func
mov x19, x30
@@ -449,6 +494,11 @@
bl errata_n1_1542419_wa
#endif
+#if ERRATA_N1_1868343
+ mov x0, x18
+ bl errata_n1_1868343_wa
+#endif
+
#if ENABLE_AMU
/* Make sure accesses from EL0/EL1 and EL2 are not trapped to EL3 */
mrs x0, actlr_el3
@@ -522,6 +572,7 @@
report_errata ERRATA_N1_1275112, neoverse_n1, 1275112
report_errata ERRATA_N1_1315703, neoverse_n1, 1315703
report_errata ERRATA_N1_1542419, neoverse_n1, 1542419
+ report_errata ERRATA_N1_1868343, neoverse_n1, 1868343
report_errata ERRATA_DSU_936184, neoverse_n1, dsu_936184
ldp x8, x30, [sp], #16
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 8fc3b60..7cd8ed9 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -334,6 +334,10 @@
# to revisions r3p0 - r4p0 of the Neoverse N1 cpu.
ERRATA_N1_1542419 ?=0
+# Flag to apply erratum 1868343 workaround during reset. This erratum applies
+# to revision <= r4p0 of the Neoverse N1 cpu.
+ERRATA_N1_1868343 ?=0
+
# Flag to apply DSU erratum 798953. This erratum applies to DSUs revision r0p0.
# Applying the workaround results in higher DSU power consumption on idle.
ERRATA_DSU_798953 ?=0
@@ -603,6 +607,10 @@
$(eval $(call assert_boolean,ERRATA_N1_1542419))
$(eval $(call add_define,ERRATA_N1_1542419))
+# Process ERRATA_N1_1868343 flag
+$(eval $(call assert_boolean,ERRATA_N1_1868343))
+$(eval $(call add_define,ERRATA_N1_1868343))
+
# Process ERRATA_DSU_798953 flag
$(eval $(call assert_boolean,ERRATA_DSU_798953))
$(eval $(call add_define,ERRATA_DSU_798953))
diff --git a/lib/extensions/spe/spe.c b/lib/extensions/spe/spe.c
index 78876c6..f0d7342 100644
--- a/lib/extensions/spe/spe.c
+++ b/lib/extensions/spe/spe.c
@@ -25,7 +25,7 @@
uint64_t features;
features = read_id_aa64dfr0_el1() >> ID_AA64DFR0_PMS_SHIFT;
- return (features & ID_AA64DFR0_PMS_MASK) == 1U;
+ return (features & ID_AA64DFR0_PMS_MASK) > 0ULL;
}
void spe_enable(bool el2_unused)
diff --git a/lib/fconf/fconf_cot_getter.c b/lib/fconf/fconf_cot_getter.c
new file mode 100644
index 0000000..adfa534
--- /dev/null
+++ b/lib/fconf/fconf_cot_getter.c
@@ -0,0 +1,497 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stddef.h>
+
+#include <common/fdt_wrappers.h>
+#include <drivers/auth/mbedtls/mbedtls_config.h>
+#include <drivers/auth/auth_mod.h>
+#include <lib/fconf/fconf.h>
+#include <lib/object_pool.h>
+#include <libfdt.h>
+
+#include <tools_share/tbbr_oid.h>
+
+/* static structures used during authentication process */
+static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_SIG, 0);
+static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_SIG_ALG, 0);
+static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_RAW_DATA, 0);
+
+/* pointers to an array of CoT descriptors */
+static const auth_img_desc_t *cot_desc[MAX_NUMBER_IDS];
+/* array of CoT descriptors */
+static auth_img_desc_t auth_img_descs[MAX_NUMBER_IDS];
+
+/* array of authentication methods structures */
+static auth_method_desc_t auth_methods[MAX_NUMBER_IDS * AUTH_METHOD_NUM];
+static OBJECT_POOL_ARRAY(auth_methods_pool, auth_methods);
+
+/* array of authentication params structures */
+static auth_param_desc_t auth_params[MAX_NUMBER_IDS * COT_MAX_VERIFIED_PARAMS];
+static OBJECT_POOL_ARRAY(auth_params_pool, auth_params);
+
+/* array of authentication param type structures */
+static auth_param_type_desc_t auth_param_type_descs[MAX_NUMBER_IDS];
+static OBJECT_POOL_ARRAY(auth_param_type_descs_pool, auth_param_type_descs);
+
+/*
+ * array of OIDs
+ * Object IDs are used to search hash, pk, counter values in certificate.
+ * As per binding we have below 2 combinations:
+ * 1. Certificates are validated using nv-cntr and pk
+ * 2. Raw images are authenticated using hash
+ * Hence in worst case, there are maximum 2 OIDs per image/certificate
+ */
+static unsigned char oids[(MAX_NUMBER_IDS * 2)][MAX_OID_NAME_LEN];
+static OBJECT_POOL_ARRAY(oid_pool, oids);
+
+/* An array of auth buffer which holds hashes and pk
+ * ToDo: Size decided with the current number of images and
+ * certificates which are available in CoT. Size of these buffers bound to
+ * increase in the future on the addition of images/certificates.
+ */
+static unsigned char hash_auth_bufs[20][HASH_DER_LEN];
+static OBJECT_POOL_ARRAY(hash_auth_buf_pool, hash_auth_bufs);
+static unsigned char pk_auth_bufs[12][PK_DER_LEN];
+static OBJECT_POOL_ARRAY(pk_auth_buf_pool, pk_auth_bufs);
+
+/*******************************************************************************
+ * update_parent_auth_data() - Update authentication data structure
+ * @auth_desc[in]: Pointer to the auth image descriptor
+ * @type_desc[in]: Pointer to authentication parameter
+ * @auth_buf_size[in]: Buffer size to hold pk or hash
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int update_parent_auth_data(const auth_img_desc_t *auth_desc,
+ auth_param_type_desc_t *type_desc,
+ unsigned int auth_buf_size)
+{
+ unsigned int i;
+ auth_param_desc_t *auth_data = &auth_desc->authenticated_data[0];
+ unsigned char *auth_buf;
+
+ for (i = 0U; i < COT_MAX_VERIFIED_PARAMS; i++) {
+ if (auth_data[i].type_desc == type_desc) {
+ return 0;
+ }
+ if (auth_data[i].type_desc == NULL) {
+ break;
+ }
+ }
+
+ if (auth_buf_size == HASH_DER_LEN) {
+ auth_buf = pool_alloc(&hash_auth_buf_pool);
+ } else if (auth_buf_size == PK_DER_LEN) {
+ auth_buf = pool_alloc(&pk_auth_buf_pool);
+ } else {
+ return -1;
+ }
+
+ if (i < COT_MAX_VERIFIED_PARAMS) {
+ auth_data[i].type_desc = type_desc;
+ auth_data[i].data.ptr = auth_buf;
+ auth_data[i].data.len = auth_buf_size;
+ } else {
+ ERROR("Out of authentication data array\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * get_auth_param_type_desc() - Get pointer of authentication parameter
+ * @img_id[in]: Image Id
+ * @type_desc[out]: Pointer to authentication parameter
+ * @buf_size[out]: Buffer size which hold hash/pk
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int get_auth_param_type_desc(unsigned int img_id,
+ auth_param_type_desc_t **type_desc,
+ unsigned int *buf_size)
+{
+ auth_method_desc_t *img_auth_method = NULL;
+ img_type_t type = auth_img_descs[img_id].img_type;
+
+ if (type == IMG_CERT) {
+ img_auth_method =
+ &auth_img_descs[img_id].img_auth_methods[AUTH_METHOD_SIG];
+ *type_desc = img_auth_method->param.sig.pk;
+ *buf_size = PK_DER_LEN;
+ } else if (type == IMG_RAW) {
+ img_auth_method =
+ &auth_img_descs[img_id].img_auth_methods[AUTH_METHOD_HASH];
+ *type_desc = img_auth_method->param.hash.hash;
+ *buf_size = HASH_DER_LEN;
+ } else {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * set_auth_method() - Update global auth image descriptors with authentication
+ * method data
+ * @auth_method_type[in]: Type of authentication method
+ * @oid[in]: Object Idetifier for pk/hash search
+ * @auth_method[in]: Pointer to authentication method to set
+ ******************************************************************************/
+static void set_auth_method(auth_method_type_t auth_method_type, char *oid,
+ auth_method_desc_t *auth_method)
+{
+ auth_param_type_t auth_param_type = AUTH_PARAM_NONE;
+ auth_param_type_desc_t *auth_param_type_desc;
+
+ assert(auth_method != NULL);
+
+ auth_param_type_desc = pool_alloc(&auth_param_type_descs_pool);
+ auth_method->type = auth_method_type;
+
+ if (auth_method_type == AUTH_METHOD_SIG) {
+ auth_param_type = AUTH_PARAM_PUB_KEY;
+ auth_method->param.sig.sig = &sig;
+ auth_method->param.sig.alg = &sig_alg;
+ auth_method->param.sig.data = &raw_data;
+ auth_method->param.sig.pk = auth_param_type_desc;
+ } else if (auth_method_type == AUTH_METHOD_HASH) {
+ auth_param_type = AUTH_PARAM_HASH;
+ auth_method->param.hash.data = &raw_data;
+ auth_method->param.hash.hash = auth_param_type_desc;
+ } else if (auth_method_type == AUTH_METHOD_NV_CTR) {
+ auth_param_type = AUTH_PARAM_NV_CTR;
+ auth_method->param.nv_ctr.cert_nv_ctr = auth_param_type_desc;
+ auth_method->param.nv_ctr.plat_nv_ctr = auth_param_type_desc;
+ }
+
+ auth_param_type_desc->type = auth_param_type;
+ auth_param_type_desc->cookie = (void *)oid;
+}
+
+/*******************************************************************************
+ * get_oid() - get object identifier from device tree
+ * @dtb[in]: Pointer to the device tree blob in memory
+ * @node[in]: Offset of the node
+ * @prop[in]: Property to read from the given node
+ * @oid[out]: Object Indentifier of key/hash/nv-counter in certificate
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int get_oid(const void *dtb, int node, const char *prop, char **oid)
+{
+ uint32_t phandle;
+ int rc;
+
+ rc = fdt_read_uint32(dtb, node, prop, &phandle);
+ if (rc < 0) {
+ return rc;
+ }
+
+ node = fdt_node_offset_by_phandle(dtb, phandle);
+ if (node < 0) {
+ return node;
+ }
+
+ *oid = pool_alloc(&oid_pool);
+ rc = fdtw_read_string(dtb, node, "oid", *oid, MAX_OID_NAME_LEN);
+
+ return rc;
+}
+
+/*******************************************************************************
+ * populate_and_set_auth_methods() - Populate auth method parameters from
+ * device tree and set authentication method
+ * structure.
+ * @dtb[in]: Pointer to the device tree blob in memory
+ * @node[in]: Offset of the node
+ * @img_id[in]: Image identifier
+ * @type[in]: Type of image
+ * @root_certificate[in]:Root certificate (authenticated by ROTPK)
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int populate_and_set_auth_methods(const void *dtb, int node,
+ unsigned int img_id, img_type_t type,
+ bool root_certificate)
+{
+ auth_method_type_t auth_method_type = AUTH_METHOD_NONE;
+ int rc;
+ char *oid = NULL;
+
+ auth_method_desc_t *auth_method = pool_alloc_n(&auth_methods_pool,
+ AUTH_METHOD_NUM);
+
+ /*
+ * This is as per binding document where certificates are
+ * verified by signature and images are verified by hash.
+ */
+ if (type == IMG_CERT) {
+ if (root_certificate) {
+ oid = NULL;
+ } else {
+ rc = get_oid(dtb, node, "signing-key", &oid);
+ if (rc < 0) {
+ ERROR("FCONF: Can't read %s property\n",
+ "signing-key");
+ return rc;
+ }
+ }
+ auth_method_type = AUTH_METHOD_SIG;
+ } else if (type == IMG_RAW) {
+ rc = get_oid(dtb, node, "hash", &oid);
+ if (rc < 0) {
+ ERROR("FCONF: Can't read %s property\n",
+ "hash");
+ return rc;
+ }
+ auth_method_type = AUTH_METHOD_HASH;
+ } else {
+ return -1;
+ }
+
+ set_auth_method(auth_method_type, oid,
+ &auth_method[auth_method_type]);
+
+ /* Retrieve the optional property */
+ rc = get_oid(dtb, node, "antirollback-counter", &oid);
+ if (rc == 0) {
+ auth_method_type = AUTH_METHOD_NV_CTR;
+ set_auth_method(auth_method_type, oid,
+ &auth_method[auth_method_type]);
+ }
+
+ auth_img_descs[img_id].img_auth_methods = &auth_method[0];
+
+ return 0;
+}
+
+/*******************************************************************************
+ * get_parent_img_id() - Get parent image id for given child node
+ * @dtb[in]: Pointer to the device tree blob in memory
+ * @node[in]: Offset of the child node
+ * @parent_img_id[out]: Image id of parent
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int get_parent_img_id(const void *dtb, int node,
+ unsigned int *parent_img_id)
+{
+ uint32_t phandle;
+ int err;
+
+ err = fdt_read_uint32(dtb, node, "parent", &phandle);
+ if (err < 0) {
+ ERROR("FCONF: Could not read %s property in node\n",
+ "parent");
+ return err;
+ }
+
+ node = fdt_node_offset_by_phandle(dtb, phandle);
+ if (node < 0) {
+ ERROR("FCONF: Failed to locate node using its phandle\n");
+ return node;
+ }
+
+ err = fdt_read_uint32(dtb, node, "image-id", parent_img_id);
+ if (err < 0) {
+ ERROR("FCONF: Could not read %s property in node\n",
+ "image-id");
+ }
+
+ return err;
+}
+
+/*******************************************************************************
+ * set_desc_data() - Update data in descriptor's structure
+ * @dtb[in]: Pointer to the device tree blob in memory
+ * @node[in]: Offset of the node
+ * @type[in]: Type of image (RAW/CERT)
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int set_desc_data(const void *dtb, int node, img_type_t type)
+{
+ int rc;
+ bool root_certificate = false;
+ unsigned int img_id, parent_img_id;
+
+ rc = fdt_read_uint32(dtb, node, "image-id", &img_id);
+ if (rc < 0) {
+ ERROR("FCONF: Can't find property %s in node\n",
+ "image-id");
+ return rc;
+ }
+
+ if (fdt_getprop(dtb, node, "root-certificate",
+ NULL) != NULL) {
+ root_certificate = true;
+ }
+
+ if (!root_certificate) {
+ rc = get_parent_img_id(dtb, node, &parent_img_id);
+ if (rc < 0) {
+ return rc;
+ }
+ auth_img_descs[img_id].parent = &auth_img_descs[parent_img_id];
+ }
+
+ auth_img_descs[img_id].img_id = img_id;
+ auth_img_descs[img_id].img_type = type;
+
+ rc = populate_and_set_auth_methods(dtb, node, img_id, type,
+ root_certificate);
+ if (rc < 0) {
+ return rc;
+ }
+
+ if (type == IMG_CERT) {
+ auth_param_desc_t *auth_param =
+ pool_alloc_n(&auth_params_pool,
+ COT_MAX_VERIFIED_PARAMS);
+ auth_img_descs[img_id].authenticated_data = &auth_param[0];
+ }
+
+ cot_desc[img_id] = &auth_img_descs[img_id];
+
+ return rc;
+}
+
+/*******************************************************************************
+ * populate_manifest_descs() - Populate CoT descriptors and update global
+ * certificate structures
+ * @dtb[in]: Pointer to the device tree blob in memory
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int populate_manifest_descs(const void *dtb)
+{
+ int node, child;
+ int rc;
+
+ /*
+ * Assert the node offset points to "arm, cert-descs"
+ * compatible property
+ */
+ const char *compatible_str = "arm, cert-descs";
+
+ node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+ if (node < 0) {
+ ERROR("FCONF: Can't find %s compatible in node\n",
+ compatible_str);
+ return node;
+ }
+
+ fdt_for_each_subnode(child, dtb, node) {
+ rc = set_desc_data(dtb, child, IMG_CERT);
+ if (rc < 0) {
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * populate_image_descs() - Populate CoT descriptors and update global
+ * image descriptor structures.
+ * @dtb[in]: Pointer to the device tree blob in memory
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int populate_image_descs(const void *dtb)
+{
+ int node, child;
+ int rc;
+
+ /*
+ * Assert the node offset points to "arm, img-descs"
+ * compatible property
+ */
+ const char *compatible_str = "arm, img-descs";
+
+ node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+ if (node < 0) {
+ ERROR("FCONF: Can't find %s compatible in node\n",
+ compatible_str);
+ return node;
+ }
+
+ fdt_for_each_subnode(child, dtb, node) {
+ rc = set_desc_data(dtb, child, IMG_RAW);
+ if (rc < 0) {
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * fconf_populate_cot_descs() - Populate CoT descriptors and update global
+ * structures
+ * @config[in]: Pointer to the device tree blob in memory
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int fconf_populate_cot_descs(uintptr_t config)
+{
+ auth_param_type_desc_t *type_desc = NULL;
+ unsigned int auth_buf_size = 0U;
+ int rc;
+
+ /* As libfdt uses void *, we can't avoid this cast */
+ const void *dtb = (void *)config;
+
+ /* populate manifest descs information */
+ rc = populate_manifest_descs(dtb);
+ if (rc < 0) {
+ ERROR("FCONF: population of %s descs failed %d\n",
+ "manifest", rc);
+ return rc;
+ }
+
+ /* populate image descs information */
+ rc = populate_image_descs(dtb);
+ if (rc < 0) {
+ ERROR("FCONF: population of %s descs failed %d\n",
+ "images", rc);
+ return rc;
+ }
+
+ /* update parent's authentication data */
+ for (unsigned int i = 0U; i < MAX_NUMBER_IDS; i++) {
+ if (auth_img_descs[i].parent != NULL) {
+ rc = get_auth_param_type_desc(i,
+ &type_desc,
+ &auth_buf_size);
+ if (rc < 0) {
+ ERROR("FCONF: failed to get auth data %d\n",
+ rc);
+ return rc;
+ }
+
+ rc = update_parent_auth_data(auth_img_descs[i].parent,
+ type_desc,
+ auth_buf_size);
+ if (rc < 0) {
+ ERROR("FCONF: auth data update failed %d\n",
+ rc);
+ return rc;
+ }
+ }
+ }
+
+ return rc;
+}
+
+FCONF_REGISTER_POPULATOR(TB_FW, cot_desc, fconf_populate_cot_descs);
+REGISTER_COT(cot_desc);
diff --git a/lib/libc/memset.c b/lib/libc/memset.c
index d8007d8..f9dd4c5 100644
--- a/lib/libc/memset.c
+++ b/lib/libc/memset.c
@@ -1,18 +1,48 @@
/*
- * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
#include <string.h>
+#include <stdint.h>
void *memset(void *dst, int val, size_t count)
{
char *ptr = dst;
+ uint64_t *ptr64;
+ uint64_t fill = (unsigned char)val;
- while (count--)
+ /* Simplify code below by making sure we write at least one byte. */
+ if (count == 0) {
+ return dst;
+ }
+
+ /* Handle the first part, until the pointer becomes 64-bit aligned. */
+ while (((uintptr_t)ptr & 7)) {
+ *ptr++ = val;
+ if (--count == 0) {
+ return dst;
+ }
+ }
+
+ /* Duplicate the fill byte to the rest of the 64-bit word. */
+ fill |= fill << 8;
+ fill |= fill << 16;
+ fill |= fill << 32;
+
+ /* Use 64-bit writes for as long as possible. */
+ ptr64 = (void *)ptr;
+ for (; count >= 8; count -= 8) {
+ *ptr64++ = fill;
+ }
+
+ /* Handle the remaining part byte-per-byte. */
+ ptr = (void *)ptr64;
+ while (count--) {
*ptr++ = val;
+ }
return dst;
}
diff --git a/lib/libc/snprintf.c b/lib/libc/snprintf.c
index 2686327..6e80d8c 100644
--- a/lib/libc/snprintf.c
+++ b/lib/libc/snprintf.c
@@ -77,7 +77,7 @@
}
/*******************************************************************
- * Reduced snprintf to be used for Trusted firmware.
+ * Reduced vsnprintf to be used for Trusted firmware.
* The following type specifiers are supported:
*
* %x (or %X) - hexadecimal format
@@ -97,9 +97,8 @@
* buffer was big enough. If it returns a value lower than n, the
* whole string has been written.
*******************************************************************/
-int snprintf(char *s, size_t n, const char *fmt, ...)
+int vsnprintf(char *s, size_t n, const char *fmt, va_list args)
{
- va_list args;
int num;
unsigned long long int unum;
char *str;
@@ -120,7 +119,6 @@
n--;
}
- va_start(args, fmt);
while (*fmt != '\0') {
left = false;
padc ='\0';
@@ -221,10 +219,42 @@
chars_printed++;
}
- va_end(args);
-
- if (n > 0U)
+ if (n > 0U) {
*s = '\0';
+ }
return (int)chars_printed;
}
+
+/*******************************************************************
+ * Reduced snprintf to be used for Trusted firmware.
+ * The following type specifiers are supported:
+ *
+ * %x (or %X) - hexadecimal format
+ * %d or %i - signed decimal format
+ * %s - string format
+ * %u - unsigned decimal format
+ * %p - pointer format
+ *
+ * The following padding specifiers are supported by this print
+ * %0NN - Left-pad the number with 0s (NN is a decimal number)
+ * %NN - Left-pad the number or string with spaces (NN is a decimal number)
+ * %-NN - Right-pad the number or string with spaces (NN is a decimal number)
+ *
+ * The function panics on all other formats specifiers.
+ *
+ * It returns the number of characters that would be written if the
+ * buffer was big enough. If it returns a value lower than n, the
+ * whole string has been written.
+ *******************************************************************/
+int snprintf(char *s, size_t n, const char *fmt, ...)
+{
+ int count;
+ va_list all_args;
+
+ va_start(all_args, fmt);
+ count = vsnprintf(s, n, fmt, all_args);
+ va_end(all_args);
+
+ return count;
+}
diff --git a/lib/libc/strlcat.c b/lib/libc/strlcat.c
new file mode 100644
index 0000000..e60c863
--- /dev/null
+++ b/lib/libc/strlcat.c
@@ -0,0 +1,56 @@
+/* $OpenBSD: strlcat.c,v 1.15 2015/03/02 21:41:08 millert Exp $ */
+
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <string.h>
+
+/*
+ * Appends src to string dst of size dsize (unlike strncat, dsize is the
+ * full size of dst, not space left). At most dsize-1 characters
+ * will be copied. Always NUL terminates (unless dsize <= strlen(dst)).
+ * Returns strlen(src) + MIN(dsize, strlen(initial dst)).
+ * If retval >= dsize, truncation occurred.
+ */
+size_t
+strlcat(char * dst, const char * src, size_t dsize)
+{
+ const char *odst = dst;
+ const char *osrc = src;
+ size_t n = dsize;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end. */
+ while (n-- != 0 && *dst != '\0')
+ dst++;
+ dlen = dst - odst;
+ n = dsize - dlen;
+
+ if (n-- == 0)
+ return(dlen + strlen(src));
+ while (*src != '\0') {
+ if (n != 0) {
+ *dst++ = *src;
+ n--;
+ }
+ src++;
+ }
+ *dst = '\0';
+
+ return(dlen + (src - osrc)); /* count does not include NUL */
+}
diff --git a/lib/libc/strtok.c b/lib/libc/strtok.c
new file mode 100644
index 0000000..7e1a4d2
--- /dev/null
+++ b/lib/libc/strtok.c
@@ -0,0 +1,83 @@
+/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright (c) 1998 Softweyr LLC. All rights reserved.
+ *
+ * strtok_r, from Berkeley strtok
+ * Oct 13, 1998 by Wes Peters <wes@softweyr.com>
+ *
+ * Copyright (c) 1988, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notices, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notices, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY SOFTWEYR LLC, THE REGENTS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SOFTWEYR LLC, THE
+ * REGENTS, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+char *
+strtok_r(char *s, const char *delim, char **last)
+{
+ char *spanp, *tok;
+ int c, sc;
+
+ if (s == NULL && (s = *last) == NULL)
+ return (NULL);
+
+ /*
+ * Skip (span) leading delimiters (s += strspn(s, delim), sort of).
+ */
+cont:
+ c = *s++;
+ for (spanp = (char *)delim; (sc = *spanp++) != 0;) {
+ if (c == sc)
+ goto cont;
+ }
+
+ if (c == 0) { /* no non-delimiter characters */
+ *last = NULL;
+ return (NULL);
+ }
+ tok = s - 1;
+
+ /*
+ * Scan token (scan for delimiters: s += strcspn(s, delim), sort of).
+ * Note that delim must have one NUL; we stop if we see that, too.
+ */
+ for (;;) {
+ c = *s++;
+ spanp = (char *)delim;
+ do {
+ if ((sc = *spanp++) == c) {
+ if (c == 0)
+ s = NULL;
+ else
+ s[-1] = '\0';
+ *last = s;
+ return (tok);
+ }
+ } while (sc != 0);
+ }
+ /* NOTREACHED */
+}
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index cced276..6d81377 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -12,6 +12,7 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <context.h>
+#include <drivers/delay_timer.h>
#include <lib/el3_runtime/context_mgmt.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
@@ -973,3 +974,49 @@
psci_do_pwrdown_cache_maintenance(power_level);
#endif
}
+
+/*******************************************************************************
+ * This function invokes the callback 'stop_func()' with the 'mpidr' of each
+ * online PE. Caller can pass suitable method to stop a remote core.
+ *
+ * 'wait_ms' is the timeout value in milliseconds for the other cores to
+ * transition to power down state. Passing '0' makes it non-blocking.
+ *
+ * The function returns 'PSCI_E_DENIED' if some cores failed to stop within the
+ * given timeout.
+ ******************************************************************************/
+int psci_stop_other_cores(unsigned int wait_ms,
+ void (*stop_func)(u_register_t mpidr))
+{
+ unsigned int idx, this_cpu_idx;
+
+ this_cpu_idx = plat_my_core_pos();
+
+ /* Invoke stop_func for each core */
+ for (idx = 0U; idx < psci_plat_core_count; idx++) {
+ /* skip current CPU */
+ if (idx == this_cpu_idx) {
+ continue;
+ }
+
+ /* Check if the CPU is ON */
+ if (psci_get_aff_info_state_by_idx(idx) == AFF_STATE_ON) {
+ (*stop_func)(psci_cpu_pd_nodes[idx].mpidr);
+ }
+ }
+
+ /* Need to wait for other cores to shutdown */
+ if (wait_ms != 0U) {
+ while ((wait_ms-- != 0U) && (psci_is_last_on_cpu() != 0U)) {
+ mdelay(1U);
+ }
+
+ if (psci_is_last_on_cpu() != 0U) {
+ WARN("Failed to stop all cores!\n");
+ psci_print_power_domain_map();
+ return PSCI_E_DENIED;
+ }
+ }
+
+ return PSCI_E_SUCCESS;
+}
diff --git a/make_helpers/armv7-a-cpus.mk b/make_helpers/armv7-a-cpus.mk
index 5571ab0..eec85cc 100644
--- a/make_helpers/armv7-a-cpus.mk
+++ b/make_helpers/armv7-a-cpus.mk
@@ -44,10 +44,13 @@
# Defined if ARMv7 core supports the Generic Timer extension.
ifeq ($(filter yes,$(ARM_CORTEX_A7) $(ARM_CORTEX_A12) $(ARM_CORTEX_A15) $(ARM_CORTEX_A17)),yes)
-$(eval $(call add_define,ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING))
-$(eval $(call add_define,ARMV7_SUPPORTS_VIRTUALIZATION))
-$(eval $(call add_define,ARMV7_SUPPORTS_GENERIC_TIMER))
-$(eval $(call add_define,ARMV7_SUPPORTS_VFP))
+$(eval $(call add_defines,\
+ $(sort \
+ ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING \
+ ARMV7_SUPPORTS_VIRTUALIZATION \
+ ARMV7_SUPPORTS_GENERIC_TIMER \
+ ARMV7_SUPPORTS_VFP \
+)))
endif
ifeq ($(ARM_CORTEX_A5),yes)
diff --git a/make_helpers/build_macros.mk b/make_helpers/build_macros.mk
index 1c3d14d..613fca2 100644
--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -44,6 +44,13 @@
DEFINES += -D$(1)$(if $(value $(1)),=$(value $(1)),)
endef
+
+# Convenience function for addding multiple build definitions
+# $(eval $(call add_defines,FOO BOO))
+define add_defines
+ $(foreach def,$1,$(eval $(call add_define,$(def))))
+endef
+
# Convenience function for adding build definitions
# $(eval $(call add_define_val,FOO,BAR)) will have:
# -DFOO=BAR
@@ -57,6 +64,12 @@
$(if $(filter-out 0 1,$($1)),$(error $1 must be boolean))
endef
+# Convenience function for verifying options have boolean values
+# $(eval $(call assert_booleans,FOO BOO)) will assert FOO and BOO for 0 or 1 values
+define assert_booleans
+ $(foreach bool,$1,$(eval $(call assert_boolean,$(bool))))
+endef
+
0-9 := 0 1 2 3 4 5 6 7 8 9
# Function to verify that a given option $(1) contains a numeric value
@@ -67,6 +80,12 @@
$(if $(__numeric),$(error $(1) must be numeric))
endef
+# Convenience function for verifying options have numeric values
+# $(eval $(call assert_numerics,FOO BOO)) will assert FOO and BOO contain numeric values
+define assert_numerics
+ $(foreach num,$1,$(eval $(call assert_numeric,$(num))))
+endef
+
# CREATE_SEQ is a recursive function to create sequence of numbers from 1 to
# $(2) and assign the sequence to $(1)
define CREATE_SEQ
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 27f8f2a..7220a5d 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -157,6 +157,11 @@
# Set the default algorithm for the generation of Trusted Board Boot keys
KEY_ALG := rsa
+# Set the default key size in case KEY_ALG is rsa
+ifeq ($(KEY_ALG),rsa)
+KEY_SIZE := 2048
+endif
+
# Option to build TF with Measured Boot support
MEASURED_BOOT := 0
diff --git a/make_helpers/windows.mk b/make_helpers/windows.mk
index 5ab8bdc..26ea88e 100644
--- a/make_helpers/windows.mk
+++ b/make_helpers/windows.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -86,3 +86,5 @@
$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -x c -c - -o $1
endef
+MSVC_NMAKE := nmake.exe
+
diff --git a/plat/arm/board/a5ds/platform.mk b/plat/arm/board/a5ds/platform.mk
index 5d610f4..8b0dc5c 100644
--- a/plat/arm/board/a5ds/platform.mk
+++ b/plat/arm/board/a5ds/platform.mk
@@ -77,14 +77,14 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/a5ds_tb_fw_config.dtb
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
$(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb, \
fdts/$(notdir ${FVP_HW_CONFIG_DTS})))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config,${FVP_HW_CONFIG}))
FDT_SOURCES += plat/arm/board/a5ds/fdts/a5ds_fw_config.dts \
plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts \
diff --git a/plat/arm/board/corstone700/platform.mk b/plat/arm/board/corstone700/platform.mk
index 513af3c..9a8d38c 100644
--- a/plat/arm/board/corstone700/platform.mk
+++ b/plat/arm/board/corstone700/platform.mk
@@ -48,7 +48,7 @@
$(eval CORSTONE700_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(CORSTONE700_HW_CONFIG_DTS)))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${CORSTONE700_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${CORSTONE700_HW_CONFIG},--hw-config,${CORSTONE700_HW_CONFIG}))
# Check for Linux kernel as a BL33 image by default
$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
diff --git a/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts b/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
index ca42da0..934a01a 100644
--- a/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
+++ b/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts
@@ -44,14 +44,14 @@
is_ffa_partition;
debug_name = "cactus-secondary";
load_address = <0x7100000>;
- vcpu_count = <2>;
+ vcpu_count = <8>;
mem_size = <1048576>;
};
vm3 {
is_ffa_partition;
debug_name = "cactus-tertiary";
load_address = <0x7200000>;
- vcpu_count = <2>;
+ vcpu_count = <8>;
mem_size = <1048576>;
};
};
diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
index 692f5a9..fe154e9 100644
--- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
+++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
@@ -40,35 +40,34 @@
};
/*
- * Though TF-A is UUID RFC 4122 compliant meaning fields are stored in
- * network order (big endian), UUID's mentioned in this file are are
- * stored in machine order (little endian).
- * This will be fixed in future.
+ * UUID's here are UUID RFC 4122 compliant meaning fieds are stored in
+ * network order (big endian)
*/
+
#if ARM_IO_IN_DTB
arm-io_policies {
fip-handles {
compatible = "arm,io-fip-handle";
- scp_bl2_uuid = <0x3dfd6697 0x49e8be89 0xa1785dae 0x13826040>;
- bl31_uuid = <0x6d08d447 0x4698fe4c 0x5029959b 0x005abdcb>;
- bl32_uuid = <0x89e1d005 0x4713dc53 0xa502b8d 0x383e7a4b>;
- bl32_extra1_uuid = <0x9bc2700b 0x40785a2a 0x560a659f 0x88827382>;
- bl32_extra2_uuid = <0xb17ba88e 0x4d3fa2cf 0xbbe7fd85 0xd92002a5>;
- bl33_uuid = <0xa7eed0d6 0x4bd5eafc 0x34998297 0xe4b634f2>;
- hw_cfg_uuid = <0xd9f1b808 0x4993cfc9 0xbc6f62a9 0xcc65726b>;
- soc_fw_cfg_uuid = <0x4b817999 0x46fb7603 0x268d8e8c 0xe059787f>;
- tos_fw_cfg_uuid = <0x1a7c2526 0x477fc6db 0xc4c4968d 0x218024b0>;
- nt_fw_cfg_uuid = <0x1598da28 0x447ee893 0xaf1a66ac 0xf9501580>;
- t_key_cert_uuid = <0x90e87e82 0x11e460f8 0x7a77b4a1 0x4cf9b421>;
- scp_fw_key_uuid = <0xa1214202 0x11e460f8 0x3cf39b8d 0x14a0150e>;
- soc_fw_key_uuid = <0xccbeb88a 0x11e460f9 0x48ebd09a 0xf8dcd822>;
- tos_fw_key_cert_uuid = <0x3d67794 0x11e460fb 0x10b7dd85 0x4ee8c5b>;
- nt_fw_key_cert_uuid = <0x2a83d58a 0x11e460fb 0x30dfaf8a 0x5998c4bb>;
- scp_fw_content_cert_uuid = <0x046fbe44 0x11e4635e 0xd8738bb2 0x5696aeea>;
- soc_fw_content_cert_uuid = <0x200cb2e2 0x11e4635e 0xccabe89c 0x66b62bf9>;
- tos_fw_content_cert_uuid = <0x11449fa4 0x11e4635e 0x53f2887 0x3df32a72>;
- nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>;
- sp_content_cert_uuid = <0x44fd6d77 0x3b4c9786 0x3ec1eb91 0x6f2a5a02>;
+ scp_bl2_uuid = <0x9766fd3d 0x89bee849 0xae5d78a1 0x40608213>;
+ bl31_uuid = <0x47d4086d 0x4cfe9846 0x9b952950 0xcbbd5a00>;
+ bl32_uuid = <0x05d0e189 0x53dc1347 0x8d2b500a 0x4b7a3e38>;
+ bl32_extra1_uuid = <0x0b70c28b 0x2a5a7840 0x9f650a56 0x82738288>;
+ bl32_extra2_uuid = <0x8ea87bb1 0xcfa23f4d 0x85fde7bb 0xa50220d9>;
+ bl33_uuid = <0xd6d0eea7 0xfcead54b 0x97829934 0xf234b6e4>;
+ hw_cfg_uuid = <0x08b8f1d9 0xc9cf9349 0xa9626fbc 0x6b7265cc>;
+ soc_fw_cfg_uuid = <0x9979814b 0x0376fb46 0x8c8e8d26 0x7f7859e0>;
+ tos_fw_cfg_uuid = <0x26257c1a 0xdbc67f47 0x8d96c4c4 0xb0248021>;
+ nt_fw_cfg_uuid = <0x28da9815 0x93e87e44 0xac661aaf 0x801550f9>;
+ t_key_cert_uuid = <0x827ee890 0xf860e411 0xa1b477a7 0x21b4f94c>;
+ scp_fw_key_uuid = <0x024221a1 0xf860e411 0x8d9bf33c 0x0e15a014>;
+ soc_fw_key_uuid = <0x8ab8becc 0xf960e411 0x9ad0eb48 0x22d8dcf8>;
+ tos_fw_key_cert_uuid = <0x9477d603 0xfb60e411 0x85ddb710 0x5b8cee04>;
+ nt_fw_key_cert_uuid = <0x8ad5832a 0xfb60e411 0x8aafdf30 0xbbc49859>;
+ scp_fw_content_cert_uuid = <0x44be6f04 0x5e63e411 0xb28b73d8 0xeaae9656>;
+ soc_fw_content_cert_uuid = <0xe2b20c20 0x5e63e411 0x9ce8abcc 0xf92bb666>;
+ tos_fw_content_cert_uuid = <0xa49f4411 0x5e63e411 0x87283f05 0x722af33d>;
+ nt_fw_content_cert_uuid = <0x8ec4c1f3 0x5d63e411 0xa7a987ee 0x40b23fa7>;
+ sp_content_cert_uuid = <0x776dfd44 0x86974c3b 0x91ebc13e 0x025a2a6f>;
};
};
#endif /* ARM_IO_IN_DTB */
@@ -77,24 +76,24 @@
compatible = "arm,sp";
#ifdef OPTEE_SP_FW_CONFIG
op-tee {
- uuid = <0xe0786148 0xe311f8e7 0x02005ebc 0x1bc5d5a5>;
+ uuid = <0x486178e0 0xe7f811e3 0xbc5e0002 0xa5d5c51b>;
load-address = <0x6280000>;
};
#else
cactus-primary {
- uuid = <0x1e67b5b4 0xe14f904a 0x13fb1fb8 0xcbdae1da>;
+ uuid = <0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1dacb>;
load-address = <0x7000000>;
owner = "SiP";
};
cactus-secondary {
- uuid = <0x092358d1 0xb94723f0 0x64447c82 0xc88f57f5>;
+ uuid = <0xd1582309 0xf02347b9 0x827c4464 0xf5578fc8>;
load-address = <0x7100000>;
owner = "Plat";
};
cactus-tertiary {
- uuid = <0x735cb579 0xb9448c1d 0xe1619385 0xd2d80a77>;
+ uuid = <0x79b55c73 0x1d8c44b9 0x859361e1 0x770ad8d2>;
load-address = <0x7200000>;
};
#endif
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index a986017..50f6389 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -118,7 +118,11 @@
* little space for growth.
*/
#if TRUSTED_BOARD_BOOT
+#if COT_DESC_IN_DTB
+# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1E000) - FVP_BL2_ROMLIB_OPTIMIZATION)
+#else
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1D000) - FVP_BL2_ROMLIB_OPTIMIZATION)
+#endif
#else
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x13000) - FVP_BL2_ROMLIB_OPTIMIZATION)
#endif
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index b6a9dae..4565d05 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -246,7 +246,7 @@
FVP_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tsp_fw_config.dtb
# Add the TOS_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config,${FVP_TOS_FW_CONFIG}))
endif
ifeq (${SPD},spmd)
@@ -259,23 +259,23 @@
FVP_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${ARM_SPMC_MANIFEST_DTS})).dtb
# Add the TOS_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config,${FVP_TOS_FW_CONFIG}))
endif
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config,${FVP_FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config,${FVP_TB_FW_CONFIG}))
# Add the SOC_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_SOC_FW_CONFIG},--soc-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_SOC_FW_CONFIG},--soc-fw-config,${FVP_SOC_FW_CONFIG}))
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_NT_FW_CONFIG},--nt-fw-config,${FVP_NT_FW_CONFIG}))
FDT_SOURCES += ${FVP_HW_CONFIG_DTS}
$(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(FVP_HW_CONFIG_DTS)))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config,${FVP_HW_CONFIG}))
endif
# Enable Activity Monitor Unit extensions by default
diff --git a/plat/arm/board/fvp_ve/platform.mk b/plat/arm/board/fvp_ve/platform.mk
index 0aa1de4..ac45d57 100644
--- a/plat/arm/board/fvp_ve/platform.mk
+++ b/plat/arm/board/fvp_ve/platform.mk
@@ -81,15 +81,15 @@
FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/fvp_ve_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config,${FVP_FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config,${FVP_TB_FW_CONFIG}))
FDT_SOURCES += ${FVP_HW_CONFIG_DTS}
$(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb, \
fdts/$(notdir ${FVP_HW_CONFIG_DTS})))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config,${FVP_HW_CONFIG}))
endif
NEED_BL32 := yes
diff --git a/plat/arm/board/juno/platform.mk b/plat/arm/board/juno/platform.mk
index 196d3c0..78704b5 100644
--- a/plat/arm/board/juno/platform.mk
+++ b/plat/arm/board/juno/platform.mk
@@ -172,9 +172,9 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
diff --git a/plat/arm/board/rddaniel/platform.mk b/plat/arm/board/rddaniel/platform.mk
index 81632a5..8909b55 100644
--- a/plat/arm/board/rddaniel/platform.mk
+++ b/plat/arm/board/rddaniel/platform.mk
@@ -44,14 +44,14 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
FDT_SOURCES += ${RDDANIEL_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
override CTX_INCLUDE_AARCH32_REGS := 0
diff --git a/plat/arm/board/rddanielxlr/platform.mk b/plat/arm/board/rddanielxlr/platform.mk
index 93967ad..61af81a 100644
--- a/plat/arm/board/rddanielxlr/platform.mk
+++ b/plat/arm/board/rddanielxlr/platform.mk
@@ -47,9 +47,9 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
$(eval $(call CREATE_SEQ,SEQ,4))
ifneq ($(CSS_SGI_CHIP_COUNT),$(filter $(CSS_SGI_CHIP_COUNT),$(SEQ)))
@@ -61,6 +61,6 @@
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
override CTX_INCLUDE_AARCH32_REGS := 0
diff --git a/plat/arm/board/rde1edge/platform.mk b/plat/arm/board/rde1edge/platform.mk
index e09afca..a7c0434 100644
--- a/plat/arm/board/rde1edge/platform.mk
+++ b/plat/arm/board/rde1edge/platform.mk
@@ -41,15 +41,15 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
FDT_SOURCES += ${RDE1EDGE_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
ifneq ($(CSS_SGI_CHIP_COUNT),1)
$(error "Chip count for RDE1Edge should be 1, currently set to \
diff --git a/plat/arm/board/rdn1edge/platform.mk b/plat/arm/board/rdn1edge/platform.mk
index 3f0cc7f..b313426 100644
--- a/plat/arm/board/rdn1edge/platform.mk
+++ b/plat/arm/board/rdn1edge/platform.mk
@@ -47,15 +47,15 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
FDT_SOURCES += ${RDN1EDGE_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
$(eval $(call CREATE_SEQ,SEQ,2))
ifneq ($(CSS_SGI_CHIP_COUNT),$(filter $(CSS_SGI_CHIP_COUNT),$(SEQ)))
diff --git a/plat/arm/board/sgi575/platform.mk b/plat/arm/board/sgi575/platform.mk
index f5d547d..56f5733 100644
--- a/plat/arm/board/sgi575/platform.mk
+++ b/plat/arm/board/sgi575/platform.mk
@@ -42,15 +42,15 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
FDT_SOURCES += ${SGI575_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
ifneq ($(CSS_SGI_CHIP_COUNT),1)
$(error "Chip count for SGI575 should be 1, currently set to \
diff --git a/plat/arm/board/sgm775/platform.mk b/plat/arm/board/sgm775/platform.mk
index 26bc25d..a649939 100644
--- a/plat/arm/board/sgm775/platform.mk
+++ b/plat/arm/board/sgm775/platform.mk
@@ -15,9 +15,9 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
PLAT_INCLUDES +=-I${SGM775_BASE}/include/
diff --git a/plat/arm/board/tc0/include/platform_def.h b/plat/arm/board/tc0/include/platform_def.h
index 56c71c1..a8d471e 100644
--- a/plat/arm/board/tc0/include/platform_def.h
+++ b/plat/arm/board/tc0/include/platform_def.h
@@ -183,12 +183,12 @@
* PLAT_CSS_MAX_SCP_BL2_SIZE is calculated using the current
* SCP_BL2 size plus a little space for growth.
*/
-#define PLAT_CSS_MAX_SCP_BL2_SIZE 0x14000
+#define PLAT_CSS_MAX_SCP_BL2_SIZE 0x20000
/*
* PLAT_CSS_MAX_SCP_BL2U_SIZE is calculated using the current
* SCP_BL2U size plus a little space for growth.
*/
-#define PLAT_CSS_MAX_SCP_BL2U_SIZE 0x14000
+#define PLAT_CSS_MAX_SCP_BL2U_SIZE 0x20000
#endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/board/tc0/platform.mk b/plat/arm/board/tc0/platform.mk
index 0bf18e4..903fabf 100644
--- a/plat/arm/board/tc0/platform.mk
+++ b/plat/arm/board/tc0/platform.mk
@@ -79,9 +79,9 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
#Device tree
TC0_HW_CONFIG_DTS := fdts/tc0.dts
@@ -90,7 +90,7 @@
$(eval TC0_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(TC0_HW_CONFIG_DTS)))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TC0_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TC0_HW_CONFIG},--hw-config,${TC0_HW_CONFIG}))
override CTX_INCLUDE_AARCH32_REGS := 0
diff --git a/plat/arm/common/aarch64/arm_ehf.c b/plat/arm/common/aarch64/arm_ehf.c
deleted file mode 100644
index 69ebd79..0000000
--- a/plat/arm/common/aarch64/arm_ehf.c
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <platform_def.h>
-
-#include <bl31/ehf.h>
-
-/*
- * Enumeration of priority levels on ARM platforms.
- */
-ehf_pri_desc_t arm_exceptions[] = {
-#if RAS_EXTENSION
- /* RAS Priority */
- EHF_PRI_DESC(ARM_PRI_BITS, PLAT_RAS_PRI),
-#endif
-
-#if SDEI_SUPPORT
- /* Critical priority SDEI */
- EHF_PRI_DESC(ARM_PRI_BITS, PLAT_SDEI_CRITICAL_PRI),
-
- /* Normal priority SDEI */
- EHF_PRI_DESC(ARM_PRI_BITS, PLAT_SDEI_NORMAL_PRI),
-#endif
-#if SPM_MM
- EHF_PRI_DESC(ARM_PRI_BITS, PLAT_SP_PRI),
-#endif
-};
-
-/* Plug in ARM exceptions to Exception Handling Framework. */
-EHF_REGISTER_PRIORITIES(arm_exceptions, ARRAY_SIZE(arm_exceptions), ARM_PRI_BITS);
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 224de9d..74afc53 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -264,7 +264,7 @@
endif
ifeq (${EL3_EXCEPTION_HANDLING},1)
-BL31_SOURCES += plat/arm/common/aarch64/arm_ehf.c
+BL31_SOURCES += plat/common/aarch64/plat_ehf.c
endif
ifeq (${SDEI_SUPPORT},1)
@@ -303,9 +303,14 @@
# Include the selected chain of trust sources.
ifeq (${COT},tbbr)
- AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c
- BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_bl1.c
- BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_bl2.c
+ BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
+ drivers/auth/tbbr/tbbr_cot_bl1.c
+ ifneq (${COT_DESC_IN_DTB},0)
+ BL2_SOURCES += lib/fconf/fconf_cot_getter.c
+ else
+ BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
+ drivers/auth/tbbr/tbbr_cot_bl2.c
+ endif
else ifeq (${COT},dualroot)
AUTH_SOURCES += drivers/auth/dualroot/cot.c
else
diff --git a/plat/arm/common/fconf/arm_fconf_io.c b/plat/arm/common/fconf/arm_fconf_io.c
index 5f125d3..48286c2 100644
--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@@ -249,6 +249,7 @@
{
int err, node;
unsigned int i;
+ unsigned int j;
union uuid_helper_t uuid_helper;
io_uuid_spec_t *uuid_ptr;
@@ -274,6 +275,15 @@
return err;
}
+ /* Convert uuid from big endian to little endian */
+ for (j = 0U; j < 4U; j++) {
+ uuid_helper.word[j] =
+ ((uuid_helper.word[j] >> 24U) & 0xff) |
+ ((uuid_helper.word[j] << 8U) & 0xff0000) |
+ ((uuid_helper.word[j] >> 8U) & 0xff00) |
+ ((uuid_helper.word[j] << 24U) & 0xff000000);
+ }
+
VERBOSE("FCONF: arm-io_policies.%s cell found with value = 0x%x 0x%x 0x%x 0x%x\n",
load_info[i].name,
uuid_helper.word[0], uuid_helper.word[1],
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
index 50a9dd4..7950e7f 100644
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -37,6 +37,7 @@
const unsigned int plat_start = SP_PKG5_ID;
unsigned int plat_index = plat_start;
const unsigned int plat_end = plat_start + MAX_SP_IDS / 2;
+ unsigned int j;
/* As libfdt use void *, we can't avoid this cast */
const void *dtb = (void *)config;
@@ -64,6 +65,16 @@
ERROR("FCONF: cannot read SP uuid\n");
return -1;
}
+
+ /* Convert uuid from big endian to little endian */
+ for (j = 0U; j < 4U; j++) {
+ uuid_helper.word[j] =
+ ((uuid_helper.word[j] >> 24U) & 0xff) |
+ ((uuid_helper.word[j] << 8U) & 0xff0000) |
+ ((uuid_helper.word[j] >> 8U) & 0xff00) |
+ ((uuid_helper.word[j] << 24U) & 0xff000000);
+ }
+
arm_sp.uuids[index] = uuid_helper;
VERBOSE("FCONF: %s UUID %x-%x-%x-%x load_addr=%lx\n",
__func__,
diff --git a/plat/common/aarch64/plat_ehf.c b/plat/common/aarch64/plat_ehf.c
new file mode 100644
index 0000000..da76884
--- /dev/null
+++ b/plat/common/aarch64/plat_ehf.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020, Broadcom
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <bl31/ehf.h>
+
+#include <platform_def.h>
+
+/*
+ * Enumeration of priority levels on ARM platforms.
+ */
+ehf_pri_desc_t plat_exceptions[] = {
+#if RAS_EXTENSION
+ /* RAS Priority */
+ EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_RAS_PRI),
+#endif
+
+#if SDEI_SUPPORT
+ /* Critical priority SDEI */
+ EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_SDEI_CRITICAL_PRI),
+
+ /* Normal priority SDEI */
+ EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_SDEI_NORMAL_PRI),
+#endif
+#if SPM_MM
+ EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_SP_PRI),
+#endif
+ /* Plaform specific exceptions description */
+#ifdef PLAT_EHF_DESC
+ PLAT_EHF_DESC,
+#endif
+};
+
+/* Plug in ARM exceptions to Exception Handling Framework. */
+EHF_REGISTER_PRIORITIES(plat_exceptions, ARRAY_SIZE(plat_exceptions), PLAT_PRI_BITS);
diff --git a/plat/mediatek/common/mtk_plat_common.c b/plat/mediatek/common/mtk_plat_common.c
index a07a298..f57e435 100644
--- a/plat/mediatek/common/mtk_plat_common.c
+++ b/plat/mediatek/common/mtk_plat_common.c
@@ -10,8 +10,10 @@
#include <drivers/arm/cci.h>
#include <drivers/console.h>
#include <lib/mmio.h>
+#include <lib/smccc.h>
#include <lib/xlat_tables/xlat_tables.h>
#include <plat/common/platform.h>
+#include <services/arm_arch_svc.h>
#include <mtk_plat_common.h>
#include <mtk_sip_svc.h>
@@ -116,3 +118,33 @@
spsr = SPSR_MODE32(mode, 0, ee, daif);
return spsr;
}
+
+/*****************************************************************************
+ * plat_is_smccc_feature_available() - This function checks whether SMCCC
+ * feature is availabile for platform.
+ * @fid: SMCCC function id
+ *
+ * Return SMC_OK if SMCCC feature is available and SMC_ARCH_CALL_NOT_SUPPORTED
+ * otherwise.
+ *****************************************************************************/
+int32_t plat_is_smccc_feature_available(u_register_t fid)
+{
+ switch (fid) {
+ case SMCCC_ARCH_SOC_ID:
+ return SMC_ARCH_CALL_SUCCESS;
+ default:
+ return SMC_ARCH_CALL_NOT_SUPPORTED;
+ }
+}
+
+int32_t plat_get_soc_version(void)
+{
+ uint32_t manfid = (JEDEC_MTK_BKID << 24U) | (JEDEC_MTK_MFID << 16U);
+
+ return (int32_t)(manfid | (SOC_CHIP_ID & 0xFFFFU));
+}
+
+int32_t plat_get_soc_revision(void)
+{
+ return 0;
+}
diff --git a/plat/mediatek/common/mtk_plat_common.h b/plat/mediatek/common/mtk_plat_common.h
index 55f4c51..919c173 100644
--- a/plat/mediatek/common/mtk_plat_common.h
+++ b/plat/mediatek/common/mtk_plat_common.h
@@ -18,6 +18,9 @@
#define LINUX_KERNEL_32 0
#define SMC32_PARAM_MASK (0xFFFFFFFF)
+#define JEDEC_MTK_BKID U(4)
+#define JEDEC_MTK_MFID U(0x26)
+
struct atf_arg_t {
unsigned int atf_magic;
unsigned int tee_support;
diff --git a/plat/mediatek/mt8173/include/platform_def.h b/plat/mediatek/mt8173/include/platform_def.h
index 22129db..d340422 100644
--- a/plat/mediatek/mt8173/include/platform_def.h
+++ b/plat/mediatek/mt8173/include/platform_def.h
@@ -51,6 +51,8 @@
PLATFORM_CLUSTER_COUNT + \
PLATFORM_CORE_COUNT)
+#define SOC_CHIP_ID U(0x8173)
+
/*******************************************************************************
* Platform memory map related constants
******************************************************************************/
diff --git a/plat/mediatek/mt8183/include/platform_def.h b/plat/mediatek/mt8183/include/platform_def.h
index 49a0f80..25ccfbc 100644
--- a/plat/mediatek/mt8183/include/platform_def.h
+++ b/plat/mediatek/mt8183/include/platform_def.h
@@ -279,6 +279,8 @@
PLATFORM_CLUSTER_COUNT + \
PLATFORM_CORE_COUNT)
+#define SOC_CHIP_ID U(0x8183)
+
/*******************************************************************************
* Platform memory map related constants
******************************************************************************/
diff --git a/plat/mediatek/mt8192/include/platform_def.h b/plat/mediatek/mt8192/include/platform_def.h
index e1f0faf..f68015a 100644
--- a/plat/mediatek/mt8192/include/platform_def.h
+++ b/plat/mediatek/mt8192/include/platform_def.h
@@ -59,6 +59,8 @@
#define PLATFORM_CORE_COUNT (PLATFORM_CLUSTER0_CORE_COUNT)
#define PLATFORM_MAX_CPUS_PER_CLUSTER U(8)
+#define SOC_CHIP_ID U(0x8192)
+
/*******************************************************************************
* Platform memory map related constants
******************************************************************************/
diff --git a/plat/nvidia/tegra/common/tegra_common.mk b/plat/nvidia/tegra/common/tegra_common.mk
index 136f824..3791018 100644
--- a/plat/nvidia/tegra/common/tegra_common.mk
+++ b/plat/nvidia/tegra/common/tegra_common.mk
@@ -44,7 +44,6 @@
${TEGRA_LIBS}/debug/profiler.c \
${TEGRA_COMMON}/tegra_bl31_setup.c \
${TEGRA_COMMON}/tegra_delay_timer.c \
- ${TEGRA_COMMON}/tegra_ehf.c \
${TEGRA_COMMON}/tegra_fiq_glue.c \
${TEGRA_COMMON}/tegra_io_storage.c \
${TEGRA_COMMON}/tegra_platform.c \
@@ -55,3 +54,6 @@
ifneq ($(ENABLE_STACK_PROTECTOR), 0)
BL31_SOURCES += ${TEGRA_COMMON}/tegra_stack_protector.c
endif
+ifeq (${EL3_EXCEPTION_HANDLING},1)
+BL31_SOURCES += plat/common/aarch64/plat_ehf.c
+endif
diff --git a/plat/nvidia/tegra/common/tegra_ehf.c b/plat/nvidia/tegra/common/tegra_ehf.c
deleted file mode 100644
index ea6e443..0000000
--- a/plat/nvidia/tegra/common/tegra_ehf.c
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <platform_def.h>
-
-#include <bl31/ehf.h>
-
-/*
- * Enumeration of priority levels on Tegra platforms.
- */
-ehf_pri_desc_t tegra_exceptions[] = {
- /* Watchdog priority */
- EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_TEGRA_WDT_PRIO),
-
-#if SDEI_SUPPORT
- /* Critical priority SDEI */
- EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_SDEI_CRITICAL_PRI),
-
- /* Normal priority SDEI */
- EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_SDEI_NORMAL_PRI),
-#endif
-};
-
-/* Plug in Tegra exceptions to Exception Handling Framework. */
-EHF_REGISTER_PRIORITIES(tegra_exceptions, ARRAY_SIZE(tegra_exceptions), PLAT_PRI_BITS);
diff --git a/plat/nvidia/tegra/include/platform_def.h b/plat/nvidia/tegra/include/platform_def.h
index 2bfd797..84b3297 100644
--- a/plat/nvidia/tegra/include/platform_def.h
+++ b/plat/nvidia/tegra/include/platform_def.h
@@ -99,6 +99,9 @@
#define PLAT_SDEI_NORMAL_PRI U(0x30)
#define PLAT_TEGRA_WDT_PRIO U(0x40)
+#define PLAT_EHF_DESC EHF_PRI_DESC(PLAT_PRI_BITS,\
+ PLAT_TEGRA_WDT_PRIO)
+
/*******************************************************************************
* SDEI events
******************************************************************************/
diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
index 9441437..14bf049 100644
--- a/plat/qemu/qemu/platform.mk
+++ b/plat/qemu/qemu/platform.mk
@@ -84,7 +84,7 @@
certificates: $(ROT_KEY)
- $(ROT_KEY):
+ $(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
$(Q)openssl genrsa 2048 > $@ 2>/dev/null
diff --git a/plat/qti/qtiseclib/inc/qtiseclib_cb_interface.h b/plat/qti/qtiseclib/inc/qtiseclib_cb_interface.h
index 9c4a724..2252557 100644
--- a/plat/qti/qtiseclib/inc/qtiseclib_cb_interface.h
+++ b/plat/qti/qtiseclib/inc/qtiseclib_cb_interface.h
@@ -16,6 +16,9 @@
/* Standard Library API's */
void *qtiseclib_cb_memcpy(void *dst, const void *src, size_t len);
+int qtiseclib_cb_strcmp(const char *s1, const char *s2);
+void *qtiseclib_cb_memset(void *s, int c, size_t n);
+void *qtiseclib_cb_memmove(void *dest, const void *src, size_t n);
#define QTISECLIB_CB_ERROR(...) qtiseclib_cb_log(QTISECLIB_LOG_LEVEL_ERROR, __VA_ARGS__)
#define QTISECLIB_CB_NOTICE(...) qtiseclib_cb_log(QTISECLIB_LOG_LEVEL_NOTICE, __VA_ARGS__)
@@ -41,6 +44,8 @@
void qtiseclib_cb_udelay(uint32_t usec);
+int qtiseclib_cb_console_flush(void);
+
#if QTI_SDI_BUILD
int qtiseclib_cb_mmap_remove_dynamic_region(uintptr_t base_va, size_t size);
int qtiseclib_cb_mmap_add_dynamic_region(unsigned long long base_pa,
diff --git a/plat/qti/qtiseclib/src/qtiseclib_cb_interface.c b/plat/qti/qtiseclib/src/qtiseclib_cb_interface.c
index 1b1393e..331a104 100644
--- a/plat/qti/qtiseclib/src/qtiseclib_cb_interface.c
+++ b/plat/qti/qtiseclib/src/qtiseclib_cb_interface.c
@@ -29,6 +29,21 @@
return memcpy(dst, src, len);
}
+int qtiseclib_cb_strcmp(const char *s1, const char *s2)
+{
+ return strcmp(s1, s2);
+}
+
+void *qtiseclib_cb_memset(void *s, int c, size_t n)
+{
+ return memset(s, c, n);
+}
+
+void *qtiseclib_cb_memmove(void *dest, const void *src, size_t n)
+{
+ return memmove(dest, src, n);
+}
+
/* Printing logs below or equal LOG_LEVEL from QTISECLIB. */
void qtiseclib_cb_log(unsigned int loglvl, const char *fmt, ...)
{
@@ -106,6 +121,11 @@
udelay(usec);
}
+int qtiseclib_cb_console_flush(void)
+{
+ return console_flush();
+}
+
#if QTI_SDI_BUILD
void qtiseclib_cb_get_ns_ctx(qtiseclib_dbg_a64_ctxt_regs_type *qti_ns_ctx)
{
diff --git a/plat/rockchip/common/params_setup.c b/plat/rockchip/common/params_setup.c
index 2ff81ed..aec53ee 100644
--- a/plat/rockchip/common/params_setup.c
+++ b/plat/rockchip/common/params_setup.c
@@ -230,12 +230,27 @@
void params_early_setup(u_register_t plat_param_from_bl2)
{
+ int ret;
+
/*
* Test if this is a FDT passed as a platform-specific parameter
* block.
*/
- if (!dt_process_fdt(plat_param_from_bl2))
+ ret = dt_process_fdt(plat_param_from_bl2);
+ if (!ret) {
+ return;
+ } else if (ret != -FDT_ERR_BADMAGIC) {
+ /*
+ * If we found an FDT but couldn't parse it (e.g. corrupt, not
+ * enough space), return and don't attempt to parse the param
+ * as something else, since we know that will also fail. All
+ * we're doing is setting up UART, this doesn't need to be
+ * fatal.
+ */
+ WARN("%s: found FDT but could not parse: error %d\n",
+ __func__, ret);
return;
+ }
bl_aux_params_parse(plat_param_from_bl2, rk_aux_param_handler);
}
diff --git a/plat/rpi/rpi3/platform.mk b/plat/rpi/rpi3/platform.mk
index 4d627b8..6c23923 100644
--- a/plat/rpi/rpi3/platform.mk
+++ b/plat/rpi/rpi3/platform.mk
@@ -210,7 +210,7 @@
certificates: $(ROT_KEY)
- $(ROT_KEY):
+ $(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
$(Q)openssl genrsa 2048 > $@ 2>/dev/null
diff --git a/plat/st/stm32mp1/platform.mk b/plat/st/stm32mp1/platform.mk
index 9998236..41eacc8 100644
--- a/plat/st/stm32mp1/platform.mk
+++ b/plat/st/stm32mp1/platform.mk
@@ -46,16 +46,23 @@
$(error "No boot device driver is enabled")
endif
-$(eval $(call assert_boolean,STM32MP_EMMC))
-$(eval $(call assert_boolean,STM32MP_SDMMC))
-$(eval $(call assert_boolean,STM32MP_RAW_NAND))
-$(eval $(call assert_boolean,STM32MP_SPI_NAND))
-$(eval $(call assert_boolean,STM32MP_SPI_NOR))
-$(eval $(call add_define,STM32MP_EMMC))
-$(eval $(call add_define,STM32MP_SDMMC))
-$(eval $(call add_define,STM32MP_RAW_NAND))
-$(eval $(call add_define,STM32MP_SPI_NAND))
-$(eval $(call add_define,STM32MP_SPI_NOR))
+$(eval $(call assert_booleans,\
+ $(sort \
+ STM32MP_EMMC \
+ STM32MP_SDMMC \
+ STM32MP_RAW_NAND \
+ STM32MP_SPI_NAND \
+ STM32MP_SPI_NOR \
+)))
+
+$(eval $(call add_defines,\
+ $(sort \
+ STM32MP_EMMC \
+ STM32MP_SDMMC \
+ STM32MP_RAW_NAND \
+ STM32MP_SPI_NAND \
+ STM32MP_SPI_NOR \
+)))
PLAT_INCLUDES := -Iplat/st/common/include/
PLAT_INCLUDES += -Iplat/st/stm32mp1/include/
diff --git a/services/spd/trusty/smcall.h b/services/spd/trusty/smcall.h
index 9c1c38c..c66f7db 100644
--- a/services/spd/trusty/smcall.h
+++ b/services/spd/trusty/smcall.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -71,4 +72,11 @@
#define SMC_YC_VDEV_KICK_VQ SMC_YIELDCALL_NR(SMC_ENTITY_TRUSTED_OS, 24U)
#define SMC_YC_SET_ROT_PARAMS SMC_YIELDCALL_NR(SMC_ENTITY_TRUSTED_OS, 65535U)
+/*
+ * Standard Trusted OS Function IDs that fall under Trusted OS call range
+ * according to SMC calling convention
+ */
+#define SMC_FC64_GET_UUID SMC_FASTCALL64_NR(63U, 0xFF01U) /* Implementation UID */
+#define SMC_FC_GET_UUID SMC_FASTCALL_NR(63U, 0xFF01U) /* Implementation.UID */
+
#endif /* SMCALL_H */
diff --git a/services/spd/trusty/trusty.c b/services/spd/trusty/trusty.c
index b10da76..e102b82 100644
--- a/services/spd/trusty/trusty.c
+++ b/services/spd/trusty/trusty.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,11 +17,18 @@
#include <common/debug.h>
#include <common/runtime_svc.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/smccc.h>
#include <plat/common/platform.h>
+#include <tools_share/uuid.h>
#include "sm_err.h"
#include "smcall.h"
+/* Trusty UID: RFC-4122 compliant UUID version 4 */
+DEFINE_SVC_UUID2(trusty_uuid,
+ 0x40ee25f0, 0xa2bc, 0x304c, 0x8c, 0x4c,
+ 0xa1, 0x73, 0xc5, 0x7d, 0x8a, 0xf1);
+
/* macro to check if Hypervisor is enabled in the HCR_EL2 register */
#define HYP_ENABLE_FLAG 0x286001U
@@ -256,6 +264,11 @@
SMC_RET1(handle, SMC_UNK);
} else {
switch (smc_fid) {
+ case SMC_FC64_GET_UUID:
+ case SMC_FC_GET_UUID:
+ /* provide the UUID for the service to the client */
+ SMC_UUID_RET(handle, trusty_uuid);
+ break;
case SMC_FC64_SET_FIQ_HANDLER:
return trusty_set_fiq_handler(handle, x1, x2, x3);
case SMC_FC64_GET_FIQ_REGS:
@@ -263,6 +276,12 @@
case SMC_FC_FIQ_EXIT:
return trusty_fiq_exit(handle, x1, x2, x3);
default:
+ /* Not all OENs greater than SMC_ENTITY_SECURE_MONITOR are supported */
+ if (SMC_ENTITY(smc_fid) > SMC_ENTITY_SECURE_MONITOR) {
+ VERBOSE("%s: unsupported SMC FID (0x%x)\n", __func__, smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+
if (is_hypervisor_mode())
vmid = SMC_GET_GP(handle, CTX_GPREG_X7);
@@ -502,7 +521,7 @@
trusty_fast,
OEN_TOS_START,
- SMC_ENTITY_SECURE_MONITOR,
+ OEN_TOS_END,
SMC_TYPE_FAST,
trusty_setup,
trusty_smc_handler
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 6f0d9b1..6aab558 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -46,7 +46,14 @@
******************************************************************************/
spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr)
{
- return &spm_core_context[plat_core_pos_by_mpidr(mpidr)];
+ int core_idx = plat_core_pos_by_mpidr(mpidr);
+
+ if (core_idx < 0) {
+ ERROR("Invalid mpidr: %llx, returned ID: %d\n", mpidr, core_idx);
+ panic();
+ }
+
+ return &spm_core_context[core_idx];
}
/*******************************************************************************
@@ -249,7 +256,6 @@
}
SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr);
- assert(spmc_ep_info->pc == BL32_BASE);
/*
* Populate SPSR for SPM Core based upon validated parameters from the
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index 418e06c..0ec08b0 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -7,6 +7,7 @@
PLAT := none
V ?= 0
DEBUG := 0
+CRTTOOL ?= cert_create${BIN_EXT}
BINARY := $(notdir ${CRTTOOL})
OPENSSL_DIR := /usr
COT := tbbr
diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
index ebbc66a..6eb6fae 100644
--- a/tools/encrypt_fw/Makefile
+++ b/tools/encrypt_fw/Makefile
@@ -7,6 +7,7 @@
V ?= 0
BUILD_INFO ?= 1
DEBUG := 0
+ENCTOOL ?= encrypt_fw${BIN_EXT}
BINARY := $(notdir ${ENCTOOL})
OPENSSL_DIR := /usr
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index 0ede6ce..df8ab5c 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -8,6 +8,7 @@
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+FIPTOOL ?= fiptool${BIN_EXT}
PROJECT := $(notdir ${FIPTOOL})
OBJECTS := fiptool.o tbbr_config.o
V ?= 0
diff --git a/tools/fiptool/Makefile.msvc b/tools/fiptool/Makefile.msvc
index 58dbb89..9081bc6 100644
--- a/tools/fiptool/Makefile.msvc
+++ b/tools/fiptool/Makefile.msvc
@@ -1,30 +1,37 @@
-#
-# Copyright (c) 2019, Arm Limited. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-
-CC = cl.exe
-LD = link.exe
-
-FIPTOOL = fiptool.exe
-OBJECTS = fiptool.obj tbbr_config.obj win_posix.obj
-
-INC = -I. -I..\..\include\tools_share
-CFLAGS = $(CFLAGS) /nologo /Za /Zi /c /O2 /MT
-
-all: $(FIPTOOL)
-
-$(FIPTOOL): $(OBJECTS)
- $(LD) /INCREMENTAL:NO /debug /nodefaultlib:libc.lib /out:$@ $(LIBS) $**
-
-.PHONY: clean realclean
-
-clean:
- del /f /q $(OBJECTS) > nul
-
-realclean:
- del /f /q $(OBJECTS) $(FIPTOOL) > nul
-
-.c.obj:
- $(CC) -c $(CFLAGS) $(INC) $< -Fo$@
+#
+# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+CC = cl.exe
+LD = link.exe
+
+# FIPTOOLPATH and FIPTOOL are passed from the main makefile.
+
+OBJECTS = $(FIPTOOLPATH)\fiptool.obj \
+ $(FIPTOOLPATH)\tbbr_config.obj \
+ $(FIPTOOLPATH)\win_posix.obj
+
+INC = -I$(FIPTOOLPATH) -Iinclude\tools_share
+
+CFLAGS = $(CFLAGS) /nologo /Za /Zi /c /O2 /MT
+
+all: $(FIPTOOL)
+
+$(FIPTOOL): $(OBJECTS)
+ $(LD) /nologo /INCREMENTAL:NO /debug /nodefaultlib:libc.lib /out:$@ $(LIBS) $**
+
+.PHONY: clean realclean
+
+clean:
+ -@del /f /q $(OBJECTS) > nul
+ -@del /f /q $(FIPTOOLPATH)\*.pdb > nul
+
+realclean:
+ -@del /f /q $(OBJECTS) > nul
+ -@del /f /q $(FIPTOOLPATH)\*.pdb > nul
+ -@del /f /q $(FIPTOOL) > nul
+
+.c.obj:
+ $(CC) -c $(CFLAGS) $(INC) $< -Fo$@
diff --git a/tools/fiptool/win_posix.c b/tools/fiptool/win_posix.c
index 48feb16..33b44d4 100644
--- a/tools/fiptool/win_posix.c
+++ b/tools/fiptool/win_posix.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017 - 2020, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -137,7 +137,8 @@
* Note that we only match over the shorter length of the pair, to allow
* for abbreviation or say --match=value
* Long option names may be abbreviated if the abbreviation is unique or an
- * exact match for some defined option.
+ * exact match for some defined option. This function does not check that the
+ * abbreviations are unique and should be handled by the caller.
* A long option may take a parameter, of the form --opt=param or --opt param.
*/
static
@@ -160,42 +161,72 @@
{
int result = RET_UNKNOWN_OPT;
size_t loptn = 0;
+ bool match_found = false;
- while (longopts[loptn].name != 0) {
- if (optmatch(optname, longopts[loptn].name) == 0) {
- /* We found a match. */
- result = longopts[loptn].val;
- if (indexptr != 0)
- *indexptr = loptn;
- switch (longopts[loptn].has_arg) {
- case required_argument:
- if ((optind + 1) >= argc) {
- /* Missing argument. */
- optopt = result;
- return RET_NO_PARAM;
- }
- /* Fallthrough to get option value. */
+ /*
+ * Long option names may be abbreviated if the abbreviation
+ * is unique or an exact match for some defined option.
+ * To handle this:
+ * - First search for an exact match.
+ * - If exact match was not found search for a abbreviated match.
+ * By doing this an incorrect option selection can be avoided.
+ */
- case optional_argument:
- if ((argc - optind) > 0) {
- /* Found argument. */
- optarg = argv[++optind];
- }
- /* Fallthrough to handle flag. */
+ /* 1. Search for an exact match. */
+ while (longopts[loptn].name != NULL) {
+ if (strcmp(optname, longopts[loptn].name) == 0) {
+ match_found = true;
+ break;
+ }
+ ++loptn;
+ }
- case no_argument:
- optind++;
- if (longopts[loptn].flag != 0) {
- *longopts[loptn].flag = result;
- result = 0;
- }
+ /* 2. If exact match was not found search for a abbreviated match. */
+ if (!match_found) {
+ loptn = 0;
+ while (longopts[loptn].name != NULL) {
+ if (optmatch(optname, longopts[loptn].name) == 0) {
+ match_found = true;
break;
+ }
+ ++loptn;
+ }
+ }
+
+ if (match_found) {
+ /* We found a match. */
+ result = longopts[loptn].val;
+ if (indexptr != 0) {
+ *indexptr = loptn;
+ }
+ switch (longopts[loptn].has_arg) {
+ case required_argument:
+ if ((optind + 1) >= argc) {
+ /* Missing argument. */
+ optopt = result;
+ return RET_NO_PARAM;
+ }
+ /* Fallthrough to get option value. */
+ case optional_argument:
+ if ((argc - optind) > 0) {
+ /* Found argument. */
+ optarg = argv[++optind];
}
- return result;
+ /* Fallthrough to handle flag. */
+
+ case no_argument:
+ optind++;
+ if (longopts[loptn].flag != 0) {
+ *longopts[loptn].flag = result;
+ result = 0;
+ }
+ break;
+
}
- ++loptn;
+ return result;
}
+
/*
* If getopt finds an option character in argv that was not included
* in options, ... it returns '?' and sets the external variable
diff --git a/tools/fiptool/win_posix.h b/tools/fiptool/win_posix.h
index 836ffed..6f0d8e6 100644
--- a/tools/fiptool/win_posix.h
+++ b/tools/fiptool/win_posix.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,13 +9,15 @@
#define _CRT_SECURE_NO_WARNINGS
-#include <direct.h>
-#include <io.h>
+#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
+#include <direct.h>
+#include <io.h>
+
#include "uuid.h"
/* Derive or provide Windows equivalents of Posix/GCC/Unix stuff. */
diff --git a/tools/sptool/Makefile b/tools/sptool/Makefile
index f724c26..1fa85fb 100644
--- a/tools/sptool/Makefile
+++ b/tools/sptool/Makefile
@@ -8,6 +8,7 @@
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+SPTOOL ?= sptool${BIN_EXT}
PROJECT := $(notdir ${SPTOOL})
OBJECTS := sptool.o
V ?= 0