Merge "spmd: remove assert for SPMC PC value" into integration
diff --git a/Makefile b/Makefile
index af829f2..6797c4d 100644
--- a/Makefile
+++ b/Makefile
@@ -1157,7 +1157,13 @@
clean:
@echo " CLEAN"
$(call SHELL_REMOVE_DIR,${BUILD_PLAT})
+ifdef UNIX_MK
${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean
+else
+# Clear the MAKEFLAGS as we do not want
+# to pass the gnumake flags to nmake.
+ ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) clean
+endif
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} clean
${Q}${MAKE} --no-print-directory -C ${ROMLIBPATH} clean
@@ -1166,7 +1172,13 @@
@echo " REALCLEAN"
$(call SHELL_REMOVE_DIR,${BUILD_BASE})
$(call SHELL_DELETE_ALL, ${CURDIR}/cscope.*)
+ifdef UNIX_MK
${Q}${MAKE} --no-print-directory -C ${FIPTOOLPATH} clean
+else
+# Clear the MAKEFLAGS as we do not want
+# to pass the gnumake flags to nmake.
+ ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL)) realclean
+endif
${Q}${MAKE} --no-print-directory -C ${SPTOOLPATH} clean
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${CRTTOOLPATH} clean
${Q}${MAKE} PLAT=${PLAT} --no-print-directory -C ${ENCTOOLPATH} realclean
@@ -1252,7 +1264,16 @@
.PHONY: ${FIPTOOL}
${FIPTOOL}:
+ @${ECHO_BLANK_LINE}
+ @echo "Building $@"
+ifdef UNIX_MK
${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} --no-print-directory -C ${FIPTOOLPATH}
+else
+# Clear the MAKEFLAGS as we do not want
+# to pass the gnumake flags to nmake.
+ ${Q}set MAKEFLAGS= && ${MSVC_NMAKE} /nologo /f ${FIPTOOLPATH}/Makefile.msvc FIPTOOLPATH=$(subst /,\,$(FIPTOOLPATH)) FIPTOOL=$(subst /,\,$(FIPTOOL))
+endif
+ @${ECHO_BLANK_LINE}
sptool: ${SPTOOL}
.PHONY: ${SPTOOL}
diff --git a/bl1/aarch64/bl1_context_mgmt.c b/bl1/aarch64/bl1_context_mgmt.c
index fec513d..87e367c 100644
--- a/bl1/aarch64/bl1_context_mgmt.c
+++ b/bl1/aarch64/bl1_context_mgmt.c
@@ -14,12 +14,6 @@
#include "../bl1_private.h"
-/*
- * Following array will be used for context management.
- * There are 2 instances, for the Secure and Non-Secure contexts.
- */
-static cpu_context_t bl1_cpu_context[2];
-
/* Following contains the cpu context pointers. */
static void *bl1_cpu_context_ptr[2];
@@ -42,6 +36,13 @@
******************************************************************************/
void bl1_prepare_next_image(unsigned int image_id)
{
+
+ /*
+ * Following array will be used for context management.
+ * There are 2 instances, for the Secure and Non-Secure contexts.
+ */
+ static cpu_context_t bl1_cpu_context[2];
+
unsigned int security_state, mode = MODE_EL1;
image_desc_t *desc;
entry_point_info_t *next_bl_ep;
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index 1479a96..fd60232 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -24,11 +24,6 @@
#include "bl1_private.h"
-/* BL1 Service UUID */
-DEFINE_SVC_UUID2(bl1_svc_uid,
- U(0xd46739fd), 0xcb72, 0x9a4d, 0xb5, 0x75,
- 0x67, 0x15, 0xd6, 0xf4, 0xbb, 0x4a);
-
static void bl1_load_bl2(void);
#if ENABLE_PAUTH
@@ -234,6 +229,11 @@
void *handle,
unsigned int flags)
{
+ /* BL1 Service UUID */
+ DEFINE_SVC_UUID2(bl1_svc_uid,
+ U(0xd46739fd), 0xcb72, 0x9a4d, 0xb5, 0x75,
+ 0x67, 0x15, 0xd6, 0xf4, 0xbb, 0x4a);
+
#if TRUSTED_BOARD_BOOT
/*
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index a628704..ab2d3f9 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -64,8 +64,8 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:M: Javier Almansa Sobrino <Javier.AlmansaSobrino@arm.com>
:G: `javieralso-arm`_
-:M: Jack Bond-Preston <Jack.Bond-Preston@arm.com>
-:G: `jackbondpreston-arm`_
+:M: Chris Kay <chris.kay@arm.com>
+:G: `CJkay`_
:F: /
Software Delegated Exception Interface (SDEI)
@@ -523,8 +523,7 @@
UniPhier platform port
^^^^^^^^^^^^^^^^^^^^^^
-:M: Masahiro Yamada <yamada.masahiro@socionext.com>
-:G: `masahir0y`_
+:M: Orphan
:F: docs/plat/socionext-uniphier.rst
:F: plat/socionext/uniphier/
@@ -648,6 +647,6 @@
.. _madhukar-Arm: https://github.com/madhukar-Arm
.. _john-powell-arm: https://github.com/john-powell-arm
.. _raghuncstate: https://github.com/raghuncstate
-.. _jackbondpreston-arm: https://github.com/jackbondpreston-arm
+.. _CJKay: https://github.com/cjkay
.. _Project Maintenance Process: https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index c58cd08..9a65e64 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -283,18 +283,25 @@
paths to the SP binary image and associated DTS partition manifest file.
The latter is going through the dtc compiler to generate the dtb fed into
the SP package.
+This file also specifies the owner of the SP, which is an optional field and
+identifies the signing domain in case of dualroot CoT.
+The possible owner of an SP could either be Silicon Provider or Platform, and
+the corresponding "owner" field value could either be "SiP" or "Plat".
+In absence of "owner" field, it defaults to "SiP".
.. code:: shell
{
"tee1" : {
"image": "tee1.bin",
- "pm": "tee1.dts"
+ "pm": "tee1.dts",
+ "owner": "SiP"
},
"tee2" : {
"image": "tee2.bin",
- "pm": "tee2.dts"
+ "pm": "tee2.dts",
+ "owner": "Plat"
}
}
@@ -376,8 +383,9 @@
The multiple-signing domain feature (in current state dual signing domain) allows
the use of two root keys namely S-ROTPK and NS-ROTPK (see `[8]`_):
-- SPMC(BL32), SPMC manifest, SPs may be signed by the SiP using the S-ROTPK.
+- SPMC (BL32) and SPMC manifest are signed by the SiP using the S-ROTPK.
- BL33 may be signed by the OEM using NS-ROTPK.
+- An SP may be signed either by SiP (using S-ROTPK) or by OEM (using NS-ROTPK).
Longer term multiple signing domain will allow additional signing keys, e.g.
if SPs originate from different parties.
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 33b5090..3c0e30f 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -294,6 +294,9 @@
- ``ERRATA_N1_1542419``: This applies errata 1542419 workaround to Neoverse-N1
CPU. This needs to be enabled only for revisions r3p0 - r4p0 of the CPU.
+- ``ERRATA_N1_1868343``: This applies errata 1868343 workaround to Neoverse-N1
+ CPU. This needs to be enabled only for revision <= r4p0 of the CPU.
+
DSU Errata Workarounds
----------------------
diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index a357d58..c12e73f 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -369,7 +369,7 @@
For AArch64, BL2 performs the minimal architectural initialization required
for subsequent stages of TF-A and normal world software. EL1 and EL0 are given
-access to Floating Point and Advanced SIMD registers by clearing the
+access to Floating Point and Advanced SIMD registers by setting the
``CPACR.FPEN`` bits.
For AArch32, the minimal architectural initialization required for subsequent
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst
index 9708604..ef319e4 100644
--- a/docs/process/coding-guidelines.rst
+++ b/docs/process/coding-guidelines.rst
@@ -19,6 +19,7 @@
Use of the EditorConfig file is suggested but is not required.
+.. _automatic-compliance-checking:
Automatic Compliance Checking
-----------------------------
@@ -441,6 +442,25 @@
These guidelines should be updated if additional types are needed.
+Favor C language over assembly language
+---------------------------------------
+
+Generally, prefer code written in C over assembly. Assembly code is less
+portable, harder to understand, maintain and audit security wise. Also, static
+analysis tools generally don't analyze assembly code.
+
+There are, however, legitimate uses of assembly language. These include:
+
+ - Early boot code executed before the C runtime environment is setup.
+
+ - Exception handling code.
+
+ - Low-level code where the exact sequence of instructions executed on the CPU
+ matters, such as CPU reset sequences.
+
+ - Low-level code where specific system-level instructions must be used, such
+ as cache maintenance operations.
+
--------------
*Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst
index bdfb6d6..0b3b848 100644
--- a/docs/process/contributing.rst
+++ b/docs/process/contributing.rst
@@ -29,19 +29,53 @@
- Make commits of logical units. See these general `Git guidelines`_ for
contributing to a project.
-- Follow the :ref:`Coding Style` and :ref:`Coding Guidelines`.
-
- - Use the checkpatch.pl script provided with the Linux source tree. A
- Makefile target is provided for convenience.
-
- Keep the commits on topic. If you need to fix another bug or make another
enhancement, please address it on a separate topic branch.
+- Split the patch in manageable units. Small patches are usually easier to
+ review so this will speed up the review process.
+
- Avoid long commit series. If you do have a long series, consider whether
some commits should be squashed together or addressed in a separate topic.
-- Make sure your commit messages are in the proper format. If a commit fixes
- an `issue`_, include a reference.
+- Ensure that each commit in the series has at least one ``Signed-off-by:``
+ line, using your real name and email address. The names in the
+ ``Signed-off-by:`` and ``Commit:`` lines must match. By adding this line the
+ contributor certifies the contribution is made under the terms of the
+ :download:`Developer Certificate of Origin <../../dco.txt>`.
+
+ There might be multiple ``Signed-off-by:`` lines, depending on the history
+ of the patch.
+
+ More details may be found in the `Gerrit Signed-off-by Lines guidelines`_.
+
+- Ensure that each commit also has a unique ``Change-Id:`` line. If you have
+ cloned the repository with the "`Clone with commit-msg hook`" clone method
+ (following the :ref:`Prerequisites` document), this should already be the
+ case.
+
+ More details may be found in the `Gerrit Change-Ids documentation`_.
+
+- Write informative and comprehensive commit messages. A good commit message
+ provides all the background information needed for reviewers to understand
+ the intent and rationale of the patch. This information is also useful for
+ future reference.
+
+ For example:
+
+ - What does the patch do?
+ - What motivated it?
+ - What impact does it have?
+ - How was it tested?
+ - Have alternatives been considered? Why did you choose this approach over
+ another one?
+ - If it fixes an `issue`_, include a reference.
+
+- Follow the :ref:`Coding Style` and :ref:`Coding Guidelines`.
+
+ - Use the checkpatch.pl script provided with the Linux source tree. A
+ Makefile target is provided for convenience, see :ref:`this
+ section<automatic-compliance-checking>` for more details.
- Where appropriate, please update the documentation.
@@ -74,49 +108,85 @@
is the year of most recent contribution. <OWNER> is your name or your company
name.
+- Ensure that each patch in the patch series compiles in all supported
+ configurations. Patches which do not compile will not be merged.
+
- Please test your changes. As a minimum, ensure that Linux boots on the
Foundation FVP. See :ref:`Arm Fixed Virtual Platforms (FVP)` for more
information. For more extensive testing, consider running the `TF-A Tests`_
against your patches.
+- Ensure that all CI automated tests pass. Failures should be fixed. They might
+ block a patch, depending on how critical they are.
+
Submitting Changes
------------------
-- Ensure that each commit in the series has at least one ``Signed-off-by:``
- line, using your real name and email address. The names in the
- ``Signed-off-by:`` and ``Author:`` lines must match. If anyone else
- contributes to the commit, they must also add their own ``Signed-off-by:``
- line. By adding this line the contributor certifies the contribution is made
- under the terms of the
- :download:`Developer Certificate of Origin <../../dco.txt>`.
+- Submit your changes for review at https://review.trustedfirmware.org
+ targeting the ``integration`` branch.
- More details may be found in the `Gerrit Signed-off-by Lines guidelines`_.
+- Add reviewers for your patch:
-- Ensure that each commit also has a unique ``Change-Id:`` line. If you have
- cloned the repository with the "`Clone with commit-msg hook`" clone method
- (following the :ref:`Prerequisites` document), this should already be the
- case.
+ - At least one code owner for each module modified by the patch. See the list
+ of modules and their :ref:`code owners`.
- More details may be found in the `Gerrit Change-Ids documentation`_.
+ - At least one maintainer. See the list of :ref:`maintainers`.
-- Submit your changes for review at https://review.trustedfirmware.org
- targeting the ``integration`` branch.
+ - If some module has no code owner, try to identify a suitable (non-code
+ owner) reviewer. Running ``git blame`` on the module's source code can
+ help, as it shows who has been working the most recently on this area of
+ the code.
- - The changes will then undergo further review and testing by the
- :ref:`code owners` and :ref:`maintainers`. Any review comments will be
- made directly on your patch. This may require you to do some rework. For
- controversial changes, the discussion might be moved to the `TF-A mailing
- list`_ to involve more of the community.
+ Alternatively, if it is impractical to identify such a reviewer, you might
+ send an email to the `TF-A mailing list`_ to broadcast your review request
+ to the community.
+
+ Note that self-reviewing a patch is prohibited, even if the patch author is
+ the only code owner of a module modified by the patch. Getting a second pair
+ of eyes on the code is essential to keep up with the quality standards the
+ project aspires to.
+
+- The changes will then undergo further review by the designated people. Any
+ review comments will be made directly on your patch. This may require you to
+ do some rework. For controversial changes, the discussion might be moved to
+ the `TF-A mailing list`_ to involve more of the community.
Refer to the `Gerrit Uploading Changes documentation`_ for more details.
+- The patch submission rules are the following. For a patch to be approved
+ and merged in the tree, it must get:
+
+ - One ``Code-Owner-Review+1`` for each of the modules modified by the patch.
+ - A ``Maintainer-Review+1``.
+
+ In the case where a code owner could not be found for a given module,
+ ``Code-Owner-Review+1`` is substituted by ``Code-Review+1``.
+
+ In addition to these various code review labels, the patch must also get a
+ ``Verified+1``. This is usually set by the Continuous Integration (CI) bot
+ when all automated tests passed on the patch. Sometimes, some of these
+ automated tests may fail for reasons unrelated to the patch. In this case,
+ the maintainers might (after analysis of the failures) override the CI bot
+ score to certify that the patch has been correctly tested.
+
+ In the event where the CI system lacks proper tests for a patch, the patch
+ author or a reviewer might agree to perform additional manual tests
+ in their review and the reviewer incorporates the review of the additional
+ testing in the ``Code-Review+1`` or ``Code-Owner-Review+1`` as applicable to
+ attest that the patch works as expected. Where possible additional tests should
+ be added to the CI system as a follow up task. For example, for a
+ platform-dependent patch where the said platform is not available in the CI
+ system's board farm.
+
- When the changes are accepted, the :ref:`maintainers` will integrate them.
- Typically, the :ref:`maintainers` will merge the changes into the
``integration`` branch.
+
- If the changes are not based on a sufficiently-recent commit, or if they
cannot be automatically rebased, then the :ref:`maintainers` may rebase it
on the ``integration`` branch or ask you to do so.
+
- After final integration testing, the changes will make their way into the
``master`` branch. If a problem is found during integration, the
:ref:`maintainers` will request your help to solve the issue. They may
diff --git a/fdts/corstone700_fpga.dts b/fdts/corstone700_fpga.dts
index 814d6a8..1ac0d4b 100644
--- a/fdts/corstone700_fpga.dts
+++ b/fdts/corstone700_fpga.dts
@@ -20,6 +20,13 @@
reg-io-width = <2>;
smsc,irq-push-pull;
};
+
+ usb: usb@4020000 {
+ compatible = "nxp,usb-isp1763";
+ reg = <0x40200000 0x100000>;
+ interrupt-parent = <&gic>;
+ interrupts = <GIC_SPI 114 IRQ_TYPE_LEVEL_HIGH>;
+ };
};
&refclk {
diff --git a/fdts/cot_descriptors.dtsi b/fdts/cot_descriptors.dtsi
index 9308e17..411bae6 100644
--- a/fdts/cot_descriptors.dtsi
+++ b/fdts/cot_descriptors.dtsi
@@ -6,6 +6,7 @@
#include <tools_share/tbbr_oid.h>
#include <common/tbbr/tbbr_img_def.h>
+#include <common/nv_cntr_ids.h>
cot {
manifests {
@@ -301,18 +302,19 @@
};
};
-non-volatile-counters {
+non_volatile_counters: non_volatile_counters {
compatible = "arm, non-volatile-counter";
#address-cells = <1>;
#size-cells = <0>;
- counters {
- trusted_nv_counter: trusted_nv_counter {
- oid = TRUSTED_FW_NVCOUNTER_OID;
- };
- non_trusted_nv_counter: non_trusted_nv_counter {
- oid = NON_TRUSTED_FW_NVCOUNTER_OID;
- };
+ trusted_nv_counter: trusted_nv_counter {
+ id = <TRUSTED_NV_CTR_ID>;
+ oid = TRUSTED_FW_NVCOUNTER_OID;
+ };
+
+ non_trusted_nv_counter: non_trusted_nv_counter {
+ id = <NON_TRUSTED_NV_CTR_ID>;
+ oid = NON_TRUSTED_FW_NVCOUNTER_OID;
};
};
diff --git a/fdts/tc0.dts b/fdts/tc0.dts
index cab39a7..ac097cd 100644
--- a/fdts/tc0.dts
+++ b/fdts/tc0.dts
@@ -224,7 +224,7 @@
port {
vencoder_in: endpoint {
- remote-endpoint = <&hdlcd_out>;
+ remote-endpoint = <&dp_pl0_out0>;
};
};
@@ -250,7 +250,7 @@
interrupts = <0x0 117 0x4>;
clocks = <&fake_hdlcd_clk>;
clock-names = "pxlclk";
- status = "ok";
+ status = "disabled";
port {
hdlcd_out: endpoint {
@@ -339,7 +339,6 @@
interrupt-names = "DPU";
clocks = <&scmi_clk 0>;
clock-names = "aclk";
- status = "disabled";
pl0: pipeline@0 {
reg = <0>;
clocks = <&scmi_clk 1>;
diff --git a/include/common/nv_cntr_ids.h b/include/common/nv_cntr_ids.h
new file mode 100644
index 0000000..a15c431
--- /dev/null
+++ b/include/common/nv_cntr_ids.h
@@ -0,0 +1,9 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#define TRUSTED_NV_CTR_ID U(0)
+#define NON_TRUSTED_NV_CTR_ID U(1)
+#define MAX_NV_CTR_IDS U(2)
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 3965b58..d1fd52c 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -21,7 +21,7 @@
*/
#define IMG_FLAG_AUTHENTICATED (1 << 0)
-
+#if COT_DESC_IN_DTB && !IMAGE_BL1
/*
* Authentication image descriptor
*/
@@ -29,9 +29,21 @@
unsigned int img_id;
img_type_t img_type;
const struct auth_img_desc_s *parent;
+ auth_method_desc_t *img_auth_methods;
+ auth_param_desc_t *authenticated_data;
+} auth_img_desc_t;
+#else
+/*
+ * Authentication image descriptor
+ */
+typedef struct auth_img_desc_s {
+ unsigned int img_id;
+ img_type_t img_type;
+ const struct auth_img_desc_s *parent;
const auth_method_desc_t *const img_auth_methods;
const auth_param_desc_t *const authenticated_data;
} auth_img_desc_t;
+#endif /* COT_DESC_IN_DTB && !IMAGE_BL1 */
/* Public functions */
void auth_mod_init(void);
diff --git a/include/lib/cpus/aarch64/neoverse_n1.h b/include/lib/cpus/aarch64/neoverse_n1.h
index b50befa..9998b93 100644
--- a/include/lib/cpus/aarch64/neoverse_n1.h
+++ b/include/lib/cpus/aarch64/neoverse_n1.h
@@ -64,4 +64,12 @@
#define CPUPOR_EL3 S3_6_C15_C8_2
#define CPUPMR_EL3 S3_6_C15_C8_3
+/******************************************************************************
+ * CPU Configuration register definitions.
+ *****************************************************************************/
+#define CPUCFR_EL1 S3_0_C15_C0_0
+
+/* SCU bit of CPU Configuration Register, EL1 */
+#define SCU_SHIFT U(2)
+
#endif /* NEOVERSE_N1_H */
diff --git a/include/lib/libc/stdio.h b/include/lib/libc/stdio.h
index 2d9e655..ba13683 100644
--- a/include/lib/libc/stdio.h
+++ b/include/lib/libc/stdio.h
@@ -22,6 +22,7 @@
#ifdef STDARG_H
int vprintf(const char *fmt, va_list args);
+int vsnprintf(char *s, size_t n, const char *fmt, va_list args);
#endif
int putchar(int c);
diff --git a/include/lib/libc/string.h b/include/lib/libc/string.h
index 71774b0..91cbafb 100644
--- a/include/lib/libc/string.h
+++ b/include/lib/libc/string.h
@@ -4,7 +4,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
/*
- * Portions copyright (c) 2018-2019, ARM Limited and Contributors.
+ * Portions copyright (c) 2018-2020, ARM Limited and Contributors.
* All rights reserved.
*/
@@ -26,5 +26,6 @@
size_t strnlen(const char *s, size_t maxlen);
char *strrchr(const char *p, int ch);
size_t strlcpy(char * dst, const char * src, size_t dsize);
+size_t strlcat(char * dst, const char * src, size_t dsize);
#endif /* STRING_H */
diff --git a/include/lib/psci/psci_lib.h b/include/lib/psci/psci_lib.h
index 76c1a8d..1ac45ad 100644
--- a/include/lib/psci/psci_lib.h
+++ b/include/lib/psci/psci_lib.h
@@ -89,6 +89,8 @@
void psci_register_spd_pm_hook(const spd_pm_ops_t *pm);
void psci_prepare_next_non_secure_ctx(
entry_point_info_t *next_image_info);
+int psci_stop_other_cores(unsigned int wait_ms,
+ void (*stop_func)(u_register_t mpidr));
#endif /* __ASSEMBLER__ */
#endif /* PSCI_LIB_H */
diff --git a/include/plat/arm/common/fconf_nv_cntr_getter.h b/include/plat/arm/common/fconf_nv_cntr_getter.h
new file mode 100644
index 0000000..80a6000
--- /dev/null
+++ b/include/plat/arm/common/fconf_nv_cntr_getter.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef FCONF_NV_CNTR_GETTER_H
+#define FCONF_NV_CNTR_GETTER_H
+
+#include <common/nv_cntr_ids.h>
+#include <lib/fconf/fconf.h>
+
+#define cot__nv_cntr_addr_getter(id) nv_cntr_base_addr[id]
+
+extern uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS];
+
+#endif /* FCONF_NV_CNTR_GETTER_H */
diff --git a/include/tools_share/tbbr_oid.h b/include/tools_share/tbbr_oid.h
index 37d87d3..c789f79 100644
--- a/include/tools_share/tbbr_oid.h
+++ b/include/tools_share/tbbr_oid.h
@@ -7,6 +7,8 @@
#ifndef TBBR_OID_H
#define TBBR_OID_H
+#define MAX_OID_NAME_LEN 30
+
/*
* The following is a list of OID values defined and reserved by ARM, which
* are used to define the extension fields of the certificate structure, as
diff --git a/lib/cpus/aarch64/denver.S b/lib/cpus/aarch64/denver.S
index 83427b8..224ee26 100644
--- a/lib/cpus/aarch64/denver.S
+++ b/lib/cpus/aarch64/denver.S
@@ -161,13 +161,19 @@
* ----------------------------------------------------
*/
func denver_enable_dco
+ /* DCO is not supported on PN5 and later */
+ mrs x1, midr_el1
+ mov_imm x2, DENVER_MIDR_PN4
+ cmp x1, x2
+ b.hi 1f
+
mov x18, x30
bl plat_my_core_pos
mov x1, #1
lsl x1, x1, x0
msr s3_0_c15_c0_2, x1
mov x30, x18
- ret
+1: ret
endfunc denver_enable_dco
/* ----------------------------------------------------
@@ -175,10 +181,14 @@
* ----------------------------------------------------
*/
func denver_disable_dco
-
- mov x18, x30
+ /* DCO is not supported on PN5 and later */
+ mrs x1, midr_el1
+ mov_imm x2, DENVER_MIDR_PN4
+ cmp x1, x2
+ b.hi 2f
/* turn off background work */
+ mov x18, x30
bl plat_my_core_pos
mov x1, #1
lsl x1, x1, x0
@@ -194,7 +204,7 @@
cbnz x2, 1b
mov x30, x18
- ret
+2: ret
endfunc denver_disable_dco
func check_errata_cve_2017_5715
diff --git a/lib/cpus/aarch64/dsu_helpers.S b/lib/cpus/aarch64/dsu_helpers.S
index 100ffaa..da052d5 100644
--- a/lib/cpus/aarch64/dsu_helpers.S
+++ b/lib/cpus/aarch64/dsu_helpers.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -72,18 +72,36 @@
* This function is called from both assembly and C environment. So it
* follows AAPCS.
*
- * Clobbers: x0-x3
+ * Clobbers: x0-x15
* -----------------------------------------------------------------------
*/
.globl check_errata_dsu_936184
.globl errata_dsu_936184_wa
+ .weak is_scu_present_in_dsu
+
+ /* --------------------------------------------------------------------
+ * Default behaviour respresents SCU is always present with DSU.
+ * CPUs can override this definition if required.
+ *
+ * Can clobber only: x0-x14
+ * --------------------------------------------------------------------
+ */
+func is_scu_present_in_dsu
+ mov x0, #1
+ ret
+endfunc is_scu_present_in_dsu
func check_errata_dsu_936184
- mov x2, #ERRATA_NOT_APPLIES
- mov x3, #ERRATA_APPLIES
+ mov x15, x30
+ bl is_scu_present_in_dsu
+ cmp x0, xzr
+ /* Default error status */
+ mov x0, #ERRATA_NOT_APPLIES
+
+ /* If SCU is not present, return without applying patch */
+ b.eq 1f
/* Erratum applies only if DSU has the ACP interface */
- mov x0, x2
mrs x1, CLUSTERCFR_EL1
ubfx x1, x1, #CLUSTERCFR_ACP_SHIFT, #1
cbz x1, 1f
@@ -92,13 +110,13 @@
mrs x1, CLUSTERIDR_EL1
/* DSU variant and revision bitfields in CLUSTERIDR are adjacent */
- ubfx x0, x1, #CLUSTERIDR_REV_SHIFT,\
+ ubfx x2, x1, #CLUSTERIDR_REV_SHIFT,\
#(CLUSTERIDR_REV_BITS + CLUSTERIDR_VAR_BITS)
- mov x1, #(0x2 << CLUSTERIDR_VAR_SHIFT)
- cmp x0, x1
- csel x0, x2, x3, hs
+ cmp x2, #(0x2 << CLUSTERIDR_VAR_SHIFT)
+ b.hs 1f
+ mov x0, #ERRATA_APPLIES
1:
- ret
+ ret x15
endfunc check_errata_dsu_936184
/* --------------------------------------------------
diff --git a/lib/cpus/aarch64/neoverse_n1.S b/lib/cpus/aarch64/neoverse_n1.S
index d537ed6..03ee472 100644
--- a/lib/cpus/aarch64/neoverse_n1.S
+++ b/lib/cpus/aarch64/neoverse_n1.S
@@ -22,6 +22,19 @@
#endif
.global neoverse_n1_errata_ic_trap_handler
+ .global is_scu_present_in_dsu
+
+/*
+ * Check DSU is configured with SCU and L3 unit
+ * 1-> SCU present
+ * 0-> SCU not present
+ */
+func is_scu_present_in_dsu
+ mrs x0, CPUCFR_EL1
+ ubfx x0, x0, #SCU_SHIFT, #1
+ eor x0, x0, #1
+ ret
+endfunc is_scu_present_in_dsu
/* --------------------------------------------------
* Errata Workaround for Neoverse N1 Erratum 1043202.
@@ -375,6 +388,38 @@
b cpu_rev_var_range
endfunc check_errata_1542419
+ /* --------------------------------------------------
+ * Errata Workaround for Neoverse N1 Errata #1868343.
+ * This applies to revision <= r4p0 of Neoverse N1.
+ * This workaround is the same as the workaround for
+ * errata 1262606 and 1275112 but applies to a wider
+ * revision range.
+ * Inputs:
+ * x0: variant[4:7] and revision[0:3] of current cpu.
+ * Shall clobber: x0-x17
+ * --------------------------------------------------
+ */
+func errata_n1_1868343_wa
+ /*
+ * Compare x0 against revision r4p0
+ */
+ mov x17, x30
+ bl check_errata_1868343
+ cbz x0, 1f
+ mrs x1, NEOVERSE_N1_CPUACTLR_EL1
+ orr x1, x1, NEOVERSE_N1_CPUACTLR_EL1_BIT_13
+ msr NEOVERSE_N1_CPUACTLR_EL1, x1
+ isb
+1:
+ ret x17
+endfunc errata_n1_1868343_wa
+
+func check_errata_1868343
+ /* Applies to everything <= r4p0 */
+ mov x1, #0x40
+ b cpu_rev_var_ls
+endfunc check_errata_1868343
+
func neoverse_n1_reset_func
mov x19, x30
@@ -449,6 +494,11 @@
bl errata_n1_1542419_wa
#endif
+#if ERRATA_N1_1868343
+ mov x0, x18
+ bl errata_n1_1868343_wa
+#endif
+
#if ENABLE_AMU
/* Make sure accesses from EL0/EL1 and EL2 are not trapped to EL3 */
mrs x0, actlr_el3
@@ -522,6 +572,7 @@
report_errata ERRATA_N1_1275112, neoverse_n1, 1275112
report_errata ERRATA_N1_1315703, neoverse_n1, 1315703
report_errata ERRATA_N1_1542419, neoverse_n1, 1542419
+ report_errata ERRATA_N1_1868343, neoverse_n1, 1868343
report_errata ERRATA_DSU_936184, neoverse_n1, dsu_936184
ldp x8, x30, [sp], #16
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 8fc3b60..7cd8ed9 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -334,6 +334,10 @@
# to revisions r3p0 - r4p0 of the Neoverse N1 cpu.
ERRATA_N1_1542419 ?=0
+# Flag to apply erratum 1868343 workaround during reset. This erratum applies
+# to revision <= r4p0 of the Neoverse N1 cpu.
+ERRATA_N1_1868343 ?=0
+
# Flag to apply DSU erratum 798953. This erratum applies to DSUs revision r0p0.
# Applying the workaround results in higher DSU power consumption on idle.
ERRATA_DSU_798953 ?=0
@@ -603,6 +607,10 @@
$(eval $(call assert_boolean,ERRATA_N1_1542419))
$(eval $(call add_define,ERRATA_N1_1542419))
+# Process ERRATA_N1_1868343 flag
+$(eval $(call assert_boolean,ERRATA_N1_1868343))
+$(eval $(call add_define,ERRATA_N1_1868343))
+
# Process ERRATA_DSU_798953 flag
$(eval $(call assert_boolean,ERRATA_DSU_798953))
$(eval $(call add_define,ERRATA_DSU_798953))
diff --git a/lib/extensions/spe/spe.c b/lib/extensions/spe/spe.c
index 78876c6..f0d7342 100644
--- a/lib/extensions/spe/spe.c
+++ b/lib/extensions/spe/spe.c
@@ -25,7 +25,7 @@
uint64_t features;
features = read_id_aa64dfr0_el1() >> ID_AA64DFR0_PMS_SHIFT;
- return (features & ID_AA64DFR0_PMS_MASK) == 1U;
+ return (features & ID_AA64DFR0_PMS_MASK) > 0ULL;
}
void spe_enable(bool el2_unused)
diff --git a/lib/fconf/fconf_cot_getter.c b/lib/fconf/fconf_cot_getter.c
new file mode 100644
index 0000000..adfa534
--- /dev/null
+++ b/lib/fconf/fconf_cot_getter.c
@@ -0,0 +1,497 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+#include <stddef.h>
+
+#include <common/fdt_wrappers.h>
+#include <drivers/auth/mbedtls/mbedtls_config.h>
+#include <drivers/auth/auth_mod.h>
+#include <lib/fconf/fconf.h>
+#include <lib/object_pool.h>
+#include <libfdt.h>
+
+#include <tools_share/tbbr_oid.h>
+
+/* static structures used during authentication process */
+static auth_param_type_desc_t sig = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_SIG, 0);
+static auth_param_type_desc_t sig_alg = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_SIG_ALG, 0);
+static auth_param_type_desc_t raw_data = AUTH_PARAM_TYPE_DESC(
+ AUTH_PARAM_RAW_DATA, 0);
+
+/* pointers to an array of CoT descriptors */
+static const auth_img_desc_t *cot_desc[MAX_NUMBER_IDS];
+/* array of CoT descriptors */
+static auth_img_desc_t auth_img_descs[MAX_NUMBER_IDS];
+
+/* array of authentication methods structures */
+static auth_method_desc_t auth_methods[MAX_NUMBER_IDS * AUTH_METHOD_NUM];
+static OBJECT_POOL_ARRAY(auth_methods_pool, auth_methods);
+
+/* array of authentication params structures */
+static auth_param_desc_t auth_params[MAX_NUMBER_IDS * COT_MAX_VERIFIED_PARAMS];
+static OBJECT_POOL_ARRAY(auth_params_pool, auth_params);
+
+/* array of authentication param type structures */
+static auth_param_type_desc_t auth_param_type_descs[MAX_NUMBER_IDS];
+static OBJECT_POOL_ARRAY(auth_param_type_descs_pool, auth_param_type_descs);
+
+/*
+ * array of OIDs
+ * Object IDs are used to search hash, pk, counter values in certificate.
+ * As per binding we have below 2 combinations:
+ * 1. Certificates are validated using nv-cntr and pk
+ * 2. Raw images are authenticated using hash
+ * Hence in worst case, there are maximum 2 OIDs per image/certificate
+ */
+static unsigned char oids[(MAX_NUMBER_IDS * 2)][MAX_OID_NAME_LEN];
+static OBJECT_POOL_ARRAY(oid_pool, oids);
+
+/* An array of auth buffer which holds hashes and pk
+ * ToDo: Size decided with the current number of images and
+ * certificates which are available in CoT. Size of these buffers bound to
+ * increase in the future on the addition of images/certificates.
+ */
+static unsigned char hash_auth_bufs[20][HASH_DER_LEN];
+static OBJECT_POOL_ARRAY(hash_auth_buf_pool, hash_auth_bufs);
+static unsigned char pk_auth_bufs[12][PK_DER_LEN];
+static OBJECT_POOL_ARRAY(pk_auth_buf_pool, pk_auth_bufs);
+
+/*******************************************************************************
+ * update_parent_auth_data() - Update authentication data structure
+ * @auth_desc[in]: Pointer to the auth image descriptor
+ * @type_desc[in]: Pointer to authentication parameter
+ * @auth_buf_size[in]: Buffer size to hold pk or hash
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int update_parent_auth_data(const auth_img_desc_t *auth_desc,
+ auth_param_type_desc_t *type_desc,
+ unsigned int auth_buf_size)
+{
+ unsigned int i;
+ auth_param_desc_t *auth_data = &auth_desc->authenticated_data[0];
+ unsigned char *auth_buf;
+
+ for (i = 0U; i < COT_MAX_VERIFIED_PARAMS; i++) {
+ if (auth_data[i].type_desc == type_desc) {
+ return 0;
+ }
+ if (auth_data[i].type_desc == NULL) {
+ break;
+ }
+ }
+
+ if (auth_buf_size == HASH_DER_LEN) {
+ auth_buf = pool_alloc(&hash_auth_buf_pool);
+ } else if (auth_buf_size == PK_DER_LEN) {
+ auth_buf = pool_alloc(&pk_auth_buf_pool);
+ } else {
+ return -1;
+ }
+
+ if (i < COT_MAX_VERIFIED_PARAMS) {
+ auth_data[i].type_desc = type_desc;
+ auth_data[i].data.ptr = auth_buf;
+ auth_data[i].data.len = auth_buf_size;
+ } else {
+ ERROR("Out of authentication data array\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * get_auth_param_type_desc() - Get pointer of authentication parameter
+ * @img_id[in]: Image Id
+ * @type_desc[out]: Pointer to authentication parameter
+ * @buf_size[out]: Buffer size which hold hash/pk
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int get_auth_param_type_desc(unsigned int img_id,
+ auth_param_type_desc_t **type_desc,
+ unsigned int *buf_size)
+{
+ auth_method_desc_t *img_auth_method = NULL;
+ img_type_t type = auth_img_descs[img_id].img_type;
+
+ if (type == IMG_CERT) {
+ img_auth_method =
+ &auth_img_descs[img_id].img_auth_methods[AUTH_METHOD_SIG];
+ *type_desc = img_auth_method->param.sig.pk;
+ *buf_size = PK_DER_LEN;
+ } else if (type == IMG_RAW) {
+ img_auth_method =
+ &auth_img_descs[img_id].img_auth_methods[AUTH_METHOD_HASH];
+ *type_desc = img_auth_method->param.hash.hash;
+ *buf_size = HASH_DER_LEN;
+ } else {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * set_auth_method() - Update global auth image descriptors with authentication
+ * method data
+ * @auth_method_type[in]: Type of authentication method
+ * @oid[in]: Object Idetifier for pk/hash search
+ * @auth_method[in]: Pointer to authentication method to set
+ ******************************************************************************/
+static void set_auth_method(auth_method_type_t auth_method_type, char *oid,
+ auth_method_desc_t *auth_method)
+{
+ auth_param_type_t auth_param_type = AUTH_PARAM_NONE;
+ auth_param_type_desc_t *auth_param_type_desc;
+
+ assert(auth_method != NULL);
+
+ auth_param_type_desc = pool_alloc(&auth_param_type_descs_pool);
+ auth_method->type = auth_method_type;
+
+ if (auth_method_type == AUTH_METHOD_SIG) {
+ auth_param_type = AUTH_PARAM_PUB_KEY;
+ auth_method->param.sig.sig = &sig;
+ auth_method->param.sig.alg = &sig_alg;
+ auth_method->param.sig.data = &raw_data;
+ auth_method->param.sig.pk = auth_param_type_desc;
+ } else if (auth_method_type == AUTH_METHOD_HASH) {
+ auth_param_type = AUTH_PARAM_HASH;
+ auth_method->param.hash.data = &raw_data;
+ auth_method->param.hash.hash = auth_param_type_desc;
+ } else if (auth_method_type == AUTH_METHOD_NV_CTR) {
+ auth_param_type = AUTH_PARAM_NV_CTR;
+ auth_method->param.nv_ctr.cert_nv_ctr = auth_param_type_desc;
+ auth_method->param.nv_ctr.plat_nv_ctr = auth_param_type_desc;
+ }
+
+ auth_param_type_desc->type = auth_param_type;
+ auth_param_type_desc->cookie = (void *)oid;
+}
+
+/*******************************************************************************
+ * get_oid() - get object identifier from device tree
+ * @dtb[in]: Pointer to the device tree blob in memory
+ * @node[in]: Offset of the node
+ * @prop[in]: Property to read from the given node
+ * @oid[out]: Object Indentifier of key/hash/nv-counter in certificate
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int get_oid(const void *dtb, int node, const char *prop, char **oid)
+{
+ uint32_t phandle;
+ int rc;
+
+ rc = fdt_read_uint32(dtb, node, prop, &phandle);
+ if (rc < 0) {
+ return rc;
+ }
+
+ node = fdt_node_offset_by_phandle(dtb, phandle);
+ if (node < 0) {
+ return node;
+ }
+
+ *oid = pool_alloc(&oid_pool);
+ rc = fdtw_read_string(dtb, node, "oid", *oid, MAX_OID_NAME_LEN);
+
+ return rc;
+}
+
+/*******************************************************************************
+ * populate_and_set_auth_methods() - Populate auth method parameters from
+ * device tree and set authentication method
+ * structure.
+ * @dtb[in]: Pointer to the device tree blob in memory
+ * @node[in]: Offset of the node
+ * @img_id[in]: Image identifier
+ * @type[in]: Type of image
+ * @root_certificate[in]:Root certificate (authenticated by ROTPK)
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int populate_and_set_auth_methods(const void *dtb, int node,
+ unsigned int img_id, img_type_t type,
+ bool root_certificate)
+{
+ auth_method_type_t auth_method_type = AUTH_METHOD_NONE;
+ int rc;
+ char *oid = NULL;
+
+ auth_method_desc_t *auth_method = pool_alloc_n(&auth_methods_pool,
+ AUTH_METHOD_NUM);
+
+ /*
+ * This is as per binding document where certificates are
+ * verified by signature and images are verified by hash.
+ */
+ if (type == IMG_CERT) {
+ if (root_certificate) {
+ oid = NULL;
+ } else {
+ rc = get_oid(dtb, node, "signing-key", &oid);
+ if (rc < 0) {
+ ERROR("FCONF: Can't read %s property\n",
+ "signing-key");
+ return rc;
+ }
+ }
+ auth_method_type = AUTH_METHOD_SIG;
+ } else if (type == IMG_RAW) {
+ rc = get_oid(dtb, node, "hash", &oid);
+ if (rc < 0) {
+ ERROR("FCONF: Can't read %s property\n",
+ "hash");
+ return rc;
+ }
+ auth_method_type = AUTH_METHOD_HASH;
+ } else {
+ return -1;
+ }
+
+ set_auth_method(auth_method_type, oid,
+ &auth_method[auth_method_type]);
+
+ /* Retrieve the optional property */
+ rc = get_oid(dtb, node, "antirollback-counter", &oid);
+ if (rc == 0) {
+ auth_method_type = AUTH_METHOD_NV_CTR;
+ set_auth_method(auth_method_type, oid,
+ &auth_method[auth_method_type]);
+ }
+
+ auth_img_descs[img_id].img_auth_methods = &auth_method[0];
+
+ return 0;
+}
+
+/*******************************************************************************
+ * get_parent_img_id() - Get parent image id for given child node
+ * @dtb[in]: Pointer to the device tree blob in memory
+ * @node[in]: Offset of the child node
+ * @parent_img_id[out]: Image id of parent
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int get_parent_img_id(const void *dtb, int node,
+ unsigned int *parent_img_id)
+{
+ uint32_t phandle;
+ int err;
+
+ err = fdt_read_uint32(dtb, node, "parent", &phandle);
+ if (err < 0) {
+ ERROR("FCONF: Could not read %s property in node\n",
+ "parent");
+ return err;
+ }
+
+ node = fdt_node_offset_by_phandle(dtb, phandle);
+ if (node < 0) {
+ ERROR("FCONF: Failed to locate node using its phandle\n");
+ return node;
+ }
+
+ err = fdt_read_uint32(dtb, node, "image-id", parent_img_id);
+ if (err < 0) {
+ ERROR("FCONF: Could not read %s property in node\n",
+ "image-id");
+ }
+
+ return err;
+}
+
+/*******************************************************************************
+ * set_desc_data() - Update data in descriptor's structure
+ * @dtb[in]: Pointer to the device tree blob in memory
+ * @node[in]: Offset of the node
+ * @type[in]: Type of image (RAW/CERT)
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int set_desc_data(const void *dtb, int node, img_type_t type)
+{
+ int rc;
+ bool root_certificate = false;
+ unsigned int img_id, parent_img_id;
+
+ rc = fdt_read_uint32(dtb, node, "image-id", &img_id);
+ if (rc < 0) {
+ ERROR("FCONF: Can't find property %s in node\n",
+ "image-id");
+ return rc;
+ }
+
+ if (fdt_getprop(dtb, node, "root-certificate",
+ NULL) != NULL) {
+ root_certificate = true;
+ }
+
+ if (!root_certificate) {
+ rc = get_parent_img_id(dtb, node, &parent_img_id);
+ if (rc < 0) {
+ return rc;
+ }
+ auth_img_descs[img_id].parent = &auth_img_descs[parent_img_id];
+ }
+
+ auth_img_descs[img_id].img_id = img_id;
+ auth_img_descs[img_id].img_type = type;
+
+ rc = populate_and_set_auth_methods(dtb, node, img_id, type,
+ root_certificate);
+ if (rc < 0) {
+ return rc;
+ }
+
+ if (type == IMG_CERT) {
+ auth_param_desc_t *auth_param =
+ pool_alloc_n(&auth_params_pool,
+ COT_MAX_VERIFIED_PARAMS);
+ auth_img_descs[img_id].authenticated_data = &auth_param[0];
+ }
+
+ cot_desc[img_id] = &auth_img_descs[img_id];
+
+ return rc;
+}
+
+/*******************************************************************************
+ * populate_manifest_descs() - Populate CoT descriptors and update global
+ * certificate structures
+ * @dtb[in]: Pointer to the device tree blob in memory
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int populate_manifest_descs(const void *dtb)
+{
+ int node, child;
+ int rc;
+
+ /*
+ * Assert the node offset points to "arm, cert-descs"
+ * compatible property
+ */
+ const char *compatible_str = "arm, cert-descs";
+
+ node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+ if (node < 0) {
+ ERROR("FCONF: Can't find %s compatible in node\n",
+ compatible_str);
+ return node;
+ }
+
+ fdt_for_each_subnode(child, dtb, node) {
+ rc = set_desc_data(dtb, child, IMG_CERT);
+ if (rc < 0) {
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * populate_image_descs() - Populate CoT descriptors and update global
+ * image descriptor structures.
+ * @dtb[in]: Pointer to the device tree blob in memory
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int populate_image_descs(const void *dtb)
+{
+ int node, child;
+ int rc;
+
+ /*
+ * Assert the node offset points to "arm, img-descs"
+ * compatible property
+ */
+ const char *compatible_str = "arm, img-descs";
+
+ node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+ if (node < 0) {
+ ERROR("FCONF: Can't find %s compatible in node\n",
+ compatible_str);
+ return node;
+ }
+
+ fdt_for_each_subnode(child, dtb, node) {
+ rc = set_desc_data(dtb, child, IMG_RAW);
+ if (rc < 0) {
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+/*******************************************************************************
+ * fconf_populate_cot_descs() - Populate CoT descriptors and update global
+ * structures
+ * @config[in]: Pointer to the device tree blob in memory
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int fconf_populate_cot_descs(uintptr_t config)
+{
+ auth_param_type_desc_t *type_desc = NULL;
+ unsigned int auth_buf_size = 0U;
+ int rc;
+
+ /* As libfdt uses void *, we can't avoid this cast */
+ const void *dtb = (void *)config;
+
+ /* populate manifest descs information */
+ rc = populate_manifest_descs(dtb);
+ if (rc < 0) {
+ ERROR("FCONF: population of %s descs failed %d\n",
+ "manifest", rc);
+ return rc;
+ }
+
+ /* populate image descs information */
+ rc = populate_image_descs(dtb);
+ if (rc < 0) {
+ ERROR("FCONF: population of %s descs failed %d\n",
+ "images", rc);
+ return rc;
+ }
+
+ /* update parent's authentication data */
+ for (unsigned int i = 0U; i < MAX_NUMBER_IDS; i++) {
+ if (auth_img_descs[i].parent != NULL) {
+ rc = get_auth_param_type_desc(i,
+ &type_desc,
+ &auth_buf_size);
+ if (rc < 0) {
+ ERROR("FCONF: failed to get auth data %d\n",
+ rc);
+ return rc;
+ }
+
+ rc = update_parent_auth_data(auth_img_descs[i].parent,
+ type_desc,
+ auth_buf_size);
+ if (rc < 0) {
+ ERROR("FCONF: auth data update failed %d\n",
+ rc);
+ return rc;
+ }
+ }
+ }
+
+ return rc;
+}
+
+FCONF_REGISTER_POPULATOR(TB_FW, cot_desc, fconf_populate_cot_descs);
+REGISTER_COT(cot_desc);
diff --git a/lib/libc/memset.c b/lib/libc/memset.c
index d8007d8..f9dd4c5 100644
--- a/lib/libc/memset.c
+++ b/lib/libc/memset.c
@@ -1,18 +1,48 @@
/*
- * Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
#include <string.h>
+#include <stdint.h>
void *memset(void *dst, int val, size_t count)
{
char *ptr = dst;
+ uint64_t *ptr64;
+ uint64_t fill = (unsigned char)val;
- while (count--)
+ /* Simplify code below by making sure we write at least one byte. */
+ if (count == 0) {
+ return dst;
+ }
+
+ /* Handle the first part, until the pointer becomes 64-bit aligned. */
+ while (((uintptr_t)ptr & 7)) {
+ *ptr++ = val;
+ if (--count == 0) {
+ return dst;
+ }
+ }
+
+ /* Duplicate the fill byte to the rest of the 64-bit word. */
+ fill |= fill << 8;
+ fill |= fill << 16;
+ fill |= fill << 32;
+
+ /* Use 64-bit writes for as long as possible. */
+ ptr64 = (void *)ptr;
+ for (; count >= 8; count -= 8) {
+ *ptr64++ = fill;
+ }
+
+ /* Handle the remaining part byte-per-byte. */
+ ptr = (void *)ptr64;
+ while (count--) {
*ptr++ = val;
+ }
return dst;
}
diff --git a/lib/libc/snprintf.c b/lib/libc/snprintf.c
index 2686327..6e80d8c 100644
--- a/lib/libc/snprintf.c
+++ b/lib/libc/snprintf.c
@@ -77,7 +77,7 @@
}
/*******************************************************************
- * Reduced snprintf to be used for Trusted firmware.
+ * Reduced vsnprintf to be used for Trusted firmware.
* The following type specifiers are supported:
*
* %x (or %X) - hexadecimal format
@@ -97,9 +97,8 @@
* buffer was big enough. If it returns a value lower than n, the
* whole string has been written.
*******************************************************************/
-int snprintf(char *s, size_t n, const char *fmt, ...)
+int vsnprintf(char *s, size_t n, const char *fmt, va_list args)
{
- va_list args;
int num;
unsigned long long int unum;
char *str;
@@ -120,7 +119,6 @@
n--;
}
- va_start(args, fmt);
while (*fmt != '\0') {
left = false;
padc ='\0';
@@ -221,10 +219,42 @@
chars_printed++;
}
- va_end(args);
-
- if (n > 0U)
+ if (n > 0U) {
*s = '\0';
+ }
return (int)chars_printed;
}
+
+/*******************************************************************
+ * Reduced snprintf to be used for Trusted firmware.
+ * The following type specifiers are supported:
+ *
+ * %x (or %X) - hexadecimal format
+ * %d or %i - signed decimal format
+ * %s - string format
+ * %u - unsigned decimal format
+ * %p - pointer format
+ *
+ * The following padding specifiers are supported by this print
+ * %0NN - Left-pad the number with 0s (NN is a decimal number)
+ * %NN - Left-pad the number or string with spaces (NN is a decimal number)
+ * %-NN - Right-pad the number or string with spaces (NN is a decimal number)
+ *
+ * The function panics on all other formats specifiers.
+ *
+ * It returns the number of characters that would be written if the
+ * buffer was big enough. If it returns a value lower than n, the
+ * whole string has been written.
+ *******************************************************************/
+int snprintf(char *s, size_t n, const char *fmt, ...)
+{
+ int count;
+ va_list all_args;
+
+ va_start(all_args, fmt);
+ count = vsnprintf(s, n, fmt, all_args);
+ va_end(all_args);
+
+ return count;
+}
diff --git a/lib/libc/strlcat.c b/lib/libc/strlcat.c
new file mode 100644
index 0000000..e60c863
--- /dev/null
+++ b/lib/libc/strlcat.c
@@ -0,0 +1,56 @@
+/* $OpenBSD: strlcat.c,v 1.15 2015/03/02 21:41:08 millert Exp $ */
+
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 1998, 2015 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <string.h>
+
+/*
+ * Appends src to string dst of size dsize (unlike strncat, dsize is the
+ * full size of dst, not space left). At most dsize-1 characters
+ * will be copied. Always NUL terminates (unless dsize <= strlen(dst)).
+ * Returns strlen(src) + MIN(dsize, strlen(initial dst)).
+ * If retval >= dsize, truncation occurred.
+ */
+size_t
+strlcat(char * dst, const char * src, size_t dsize)
+{
+ const char *odst = dst;
+ const char *osrc = src;
+ size_t n = dsize;
+ size_t dlen;
+
+ /* Find the end of dst and adjust bytes left but don't go past end. */
+ while (n-- != 0 && *dst != '\0')
+ dst++;
+ dlen = dst - odst;
+ n = dsize - dlen;
+
+ if (n-- == 0)
+ return(dlen + strlen(src));
+ while (*src != '\0') {
+ if (n != 0) {
+ *dst++ = *src;
+ n--;
+ }
+ src++;
+ }
+ *dst = '\0';
+
+ return(dlen + (src - osrc)); /* count does not include NUL */
+}
diff --git a/lib/psci/psci_common.c b/lib/psci/psci_common.c
index cced276..6d81377 100644
--- a/lib/psci/psci_common.c
+++ b/lib/psci/psci_common.c
@@ -12,6 +12,7 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <context.h>
+#include <drivers/delay_timer.h>
#include <lib/el3_runtime/context_mgmt.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
@@ -973,3 +974,49 @@
psci_do_pwrdown_cache_maintenance(power_level);
#endif
}
+
+/*******************************************************************************
+ * This function invokes the callback 'stop_func()' with the 'mpidr' of each
+ * online PE. Caller can pass suitable method to stop a remote core.
+ *
+ * 'wait_ms' is the timeout value in milliseconds for the other cores to
+ * transition to power down state. Passing '0' makes it non-blocking.
+ *
+ * The function returns 'PSCI_E_DENIED' if some cores failed to stop within the
+ * given timeout.
+ ******************************************************************************/
+int psci_stop_other_cores(unsigned int wait_ms,
+ void (*stop_func)(u_register_t mpidr))
+{
+ unsigned int idx, this_cpu_idx;
+
+ this_cpu_idx = plat_my_core_pos();
+
+ /* Invoke stop_func for each core */
+ for (idx = 0U; idx < psci_plat_core_count; idx++) {
+ /* skip current CPU */
+ if (idx == this_cpu_idx) {
+ continue;
+ }
+
+ /* Check if the CPU is ON */
+ if (psci_get_aff_info_state_by_idx(idx) == AFF_STATE_ON) {
+ (*stop_func)(psci_cpu_pd_nodes[idx].mpidr);
+ }
+ }
+
+ /* Need to wait for other cores to shutdown */
+ if (wait_ms != 0U) {
+ while ((wait_ms-- != 0U) && (psci_is_last_on_cpu() != 0U)) {
+ mdelay(1U);
+ }
+
+ if (psci_is_last_on_cpu() != 0U) {
+ WARN("Failed to stop all cores!\n");
+ psci_print_power_domain_map();
+ return PSCI_E_DENIED;
+ }
+ }
+
+ return PSCI_E_SUCCESS;
+}
diff --git a/make_helpers/windows.mk b/make_helpers/windows.mk
index 5ab8bdc..26ea88e 100644
--- a/make_helpers/windows.mk
+++ b/make_helpers/windows.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2016-2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -86,3 +86,5 @@
$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -x c -c - -o $1
endef
+MSVC_NMAKE := nmake.exe
+
diff --git a/plat/arm/board/a5ds/platform.mk b/plat/arm/board/a5ds/platform.mk
index 5d610f4..8b0dc5c 100644
--- a/plat/arm/board/a5ds/platform.mk
+++ b/plat/arm/board/a5ds/platform.mk
@@ -77,14 +77,14 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/a5ds_tb_fw_config.dtb
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
$(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb, \
fdts/$(notdir ${FVP_HW_CONFIG_DTS})))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config,${FVP_HW_CONFIG}))
FDT_SOURCES += plat/arm/board/a5ds/fdts/a5ds_fw_config.dts \
plat/arm/board/a5ds/fdts/a5ds_tb_fw_config.dts \
diff --git a/plat/arm/board/arm_fpga/fpga_bl31_setup.c b/plat/arm/board/arm_fpga/fpga_bl31_setup.c
index 9db107c..de6d9d5 100644
--- a/plat/arm/board/arm_fpga/fpga_bl31_setup.c
+++ b/plat/arm/board/arm_fpga/fpga_bl31_setup.c
@@ -5,7 +5,9 @@
*/
#include <assert.h>
+#include <errno.h>
+#include <common/fdt_fixup.h>
#include <common/fdt_wrappers.h>
#include <drivers/delay_timer.h>
#include <drivers/generic_delay_timer.h>
@@ -193,6 +195,24 @@
}
}
+ if (err < 0) {
+ ERROR("Error %d extending Device Tree\n", err);
+ panic();
+ }
+
+ err = fdt_add_cpus_node(fdt, FPGA_MAX_PE_PER_CPU,
+ FPGA_MAX_CPUS_PER_CLUSTER,
+ FPGA_MAX_CLUSTER_COUNT);
+
+ if (err == -EEXIST) {
+ WARN("Not overwriting already existing /cpus node in DTB\n");
+ } else {
+ if (err < 0) {
+ ERROR("Error %d creating the /cpus DT node\n", err);
+ panic();
+ }
+ }
+
err = fdt_pack(fdt);
if (err < 0) {
ERROR("Failed to pack Device Tree at %p: error %d\n", fdt, err);
diff --git a/plat/arm/board/arm_fpga/platform.mk b/plat/arm/board/arm_fpga/platform.mk
index 1e7badf..8904339 100644
--- a/plat/arm/board/arm_fpga/platform.mk
+++ b/plat/arm/board/arm_fpga/platform.mk
@@ -86,6 +86,7 @@
PLAT_BL_COMMON_SOURCES := plat/arm/board/arm_fpga/${ARCH}/fpga_helpers.S
BL31_SOURCES += common/fdt_wrappers.c \
+ common/fdt_fixup.c \
drivers/delay_timer/delay_timer.c \
drivers/delay_timer/generic_delay_timer.c \
drivers/arm/pl011/${ARCH}/pl011_console.S \
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index 38cbba9..8239e0d 100644
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -12,7 +12,9 @@
#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <drivers/delay_timer.h>
#include <lib/cassert.h>
+#include <lib/fconf/fconf.h>
#include <plat/arm/common/plat_arm.h>
+#include <plat/arm/common/fconf_nv_cntr_getter.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
#include <platform_def.h>
@@ -29,6 +31,16 @@
#endif
#endif
+#if COT_DESC_IN_DTB && defined(IMAGE_BL2)
+uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS];
+#else
+uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS] = {
+ TFW_NVCTR_BASE,
+ NTFW_CTR_BASE
+};
+#endif
+
+
/* Weak definition may be overridden in specific platform */
#pragma weak plat_get_nv_ctr
#pragma weak plat_set_nv_ctr
@@ -183,9 +195,11 @@
oid = (const char *)cookie;
if (strcmp(oid, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- nv_ctr_addr = (uint32_t *)TFW_NVCTR_BASE;
+ nv_ctr_addr = (uint32_t *)FCONF_GET_PROPERTY(cot, nv_cntr_addr,
+ TRUSTED_NV_CTR_ID);
} else if (strcmp(oid, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- nv_ctr_addr = (uint32_t *)NTFW_CTR_BASE;
+ nv_ctr_addr = (uint32_t *)FCONF_GET_PROPERTY(cot, nv_cntr_addr,
+ NON_TRUSTED_NV_CTR_ID);
} else {
return 1;
}
diff --git a/plat/arm/board/corstone700/platform.mk b/plat/arm/board/corstone700/platform.mk
index 513af3c..9a8d38c 100644
--- a/plat/arm/board/corstone700/platform.mk
+++ b/plat/arm/board/corstone700/platform.mk
@@ -48,7 +48,7 @@
$(eval CORSTONE700_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(CORSTONE700_HW_CONFIG_DTS)))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${CORSTONE700_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${CORSTONE700_HW_CONFIG},--hw-config,${CORSTONE700_HW_CONFIG}))
# Check for Linux kernel as a BL33 image by default
$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
diff --git a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
index 692f5a9..fe154e9 100644
--- a/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
+++ b/plat/arm/board/fvp/fdts/fvp_tb_fw_config.dts
@@ -40,35 +40,34 @@
};
/*
- * Though TF-A is UUID RFC 4122 compliant meaning fields are stored in
- * network order (big endian), UUID's mentioned in this file are are
- * stored in machine order (little endian).
- * This will be fixed in future.
+ * UUID's here are UUID RFC 4122 compliant meaning fieds are stored in
+ * network order (big endian)
*/
+
#if ARM_IO_IN_DTB
arm-io_policies {
fip-handles {
compatible = "arm,io-fip-handle";
- scp_bl2_uuid = <0x3dfd6697 0x49e8be89 0xa1785dae 0x13826040>;
- bl31_uuid = <0x6d08d447 0x4698fe4c 0x5029959b 0x005abdcb>;
- bl32_uuid = <0x89e1d005 0x4713dc53 0xa502b8d 0x383e7a4b>;
- bl32_extra1_uuid = <0x9bc2700b 0x40785a2a 0x560a659f 0x88827382>;
- bl32_extra2_uuid = <0xb17ba88e 0x4d3fa2cf 0xbbe7fd85 0xd92002a5>;
- bl33_uuid = <0xa7eed0d6 0x4bd5eafc 0x34998297 0xe4b634f2>;
- hw_cfg_uuid = <0xd9f1b808 0x4993cfc9 0xbc6f62a9 0xcc65726b>;
- soc_fw_cfg_uuid = <0x4b817999 0x46fb7603 0x268d8e8c 0xe059787f>;
- tos_fw_cfg_uuid = <0x1a7c2526 0x477fc6db 0xc4c4968d 0x218024b0>;
- nt_fw_cfg_uuid = <0x1598da28 0x447ee893 0xaf1a66ac 0xf9501580>;
- t_key_cert_uuid = <0x90e87e82 0x11e460f8 0x7a77b4a1 0x4cf9b421>;
- scp_fw_key_uuid = <0xa1214202 0x11e460f8 0x3cf39b8d 0x14a0150e>;
- soc_fw_key_uuid = <0xccbeb88a 0x11e460f9 0x48ebd09a 0xf8dcd822>;
- tos_fw_key_cert_uuid = <0x3d67794 0x11e460fb 0x10b7dd85 0x4ee8c5b>;
- nt_fw_key_cert_uuid = <0x2a83d58a 0x11e460fb 0x30dfaf8a 0x5998c4bb>;
- scp_fw_content_cert_uuid = <0x046fbe44 0x11e4635e 0xd8738bb2 0x5696aeea>;
- soc_fw_content_cert_uuid = <0x200cb2e2 0x11e4635e 0xccabe89c 0x66b62bf9>;
- tos_fw_content_cert_uuid = <0x11449fa4 0x11e4635e 0x53f2887 0x3df32a72>;
- nt_fw_content_cert_uuid = <0xf3c1c48e 0x11e4635d 0xee87a9a7 0xa73fb240>;
- sp_content_cert_uuid = <0x44fd6d77 0x3b4c9786 0x3ec1eb91 0x6f2a5a02>;
+ scp_bl2_uuid = <0x9766fd3d 0x89bee849 0xae5d78a1 0x40608213>;
+ bl31_uuid = <0x47d4086d 0x4cfe9846 0x9b952950 0xcbbd5a00>;
+ bl32_uuid = <0x05d0e189 0x53dc1347 0x8d2b500a 0x4b7a3e38>;
+ bl32_extra1_uuid = <0x0b70c28b 0x2a5a7840 0x9f650a56 0x82738288>;
+ bl32_extra2_uuid = <0x8ea87bb1 0xcfa23f4d 0x85fde7bb 0xa50220d9>;
+ bl33_uuid = <0xd6d0eea7 0xfcead54b 0x97829934 0xf234b6e4>;
+ hw_cfg_uuid = <0x08b8f1d9 0xc9cf9349 0xa9626fbc 0x6b7265cc>;
+ soc_fw_cfg_uuid = <0x9979814b 0x0376fb46 0x8c8e8d26 0x7f7859e0>;
+ tos_fw_cfg_uuid = <0x26257c1a 0xdbc67f47 0x8d96c4c4 0xb0248021>;
+ nt_fw_cfg_uuid = <0x28da9815 0x93e87e44 0xac661aaf 0x801550f9>;
+ t_key_cert_uuid = <0x827ee890 0xf860e411 0xa1b477a7 0x21b4f94c>;
+ scp_fw_key_uuid = <0x024221a1 0xf860e411 0x8d9bf33c 0x0e15a014>;
+ soc_fw_key_uuid = <0x8ab8becc 0xf960e411 0x9ad0eb48 0x22d8dcf8>;
+ tos_fw_key_cert_uuid = <0x9477d603 0xfb60e411 0x85ddb710 0x5b8cee04>;
+ nt_fw_key_cert_uuid = <0x8ad5832a 0xfb60e411 0x8aafdf30 0xbbc49859>;
+ scp_fw_content_cert_uuid = <0x44be6f04 0x5e63e411 0xb28b73d8 0xeaae9656>;
+ soc_fw_content_cert_uuid = <0xe2b20c20 0x5e63e411 0x9ce8abcc 0xf92bb666>;
+ tos_fw_content_cert_uuid = <0xa49f4411 0x5e63e411 0x87283f05 0x722af33d>;
+ nt_fw_content_cert_uuid = <0x8ec4c1f3 0x5d63e411 0xa7a987ee 0x40b23fa7>;
+ sp_content_cert_uuid = <0x776dfd44 0x86974c3b 0x91ebc13e 0x025a2a6f>;
};
};
#endif /* ARM_IO_IN_DTB */
@@ -77,24 +76,24 @@
compatible = "arm,sp";
#ifdef OPTEE_SP_FW_CONFIG
op-tee {
- uuid = <0xe0786148 0xe311f8e7 0x02005ebc 0x1bc5d5a5>;
+ uuid = <0x486178e0 0xe7f811e3 0xbc5e0002 0xa5d5c51b>;
load-address = <0x6280000>;
};
#else
cactus-primary {
- uuid = <0x1e67b5b4 0xe14f904a 0x13fb1fb8 0xcbdae1da>;
+ uuid = <0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1dacb>;
load-address = <0x7000000>;
owner = "SiP";
};
cactus-secondary {
- uuid = <0x092358d1 0xb94723f0 0x64447c82 0xc88f57f5>;
+ uuid = <0xd1582309 0xf02347b9 0x827c4464 0xf5578fc8>;
load-address = <0x7100000>;
owner = "Plat";
};
cactus-tertiary {
- uuid = <0x735cb579 0xb9448c1d 0xe1619385 0xd2d80a77>;
+ uuid = <0x79b55c73 0x1d8c44b9 0x859361e1 0x770ad8d2>;
load-address = <0x7200000>;
};
#endif
diff --git a/plat/arm/board/fvp/fvp_trusted_boot.c b/plat/arm/board/fvp/fvp_trusted_boot.c
index 8825198..1ea37f7 100644
--- a/plat/arm/board/fvp/fvp_trusted_boot.c
+++ b/plat/arm/board/fvp/fvp_trusted_boot.c
@@ -9,7 +9,9 @@
#include <string.h>
#include <lib/mmio.h>
+#include <lib/fconf/fconf.h>
#include <plat/arm/common/plat_arm.h>
+#include <plat/arm/common/fconf_nv_cntr_getter.h>
#include <plat/common/platform.h>
#include <platform_def.h>
#include <tools_share/tbbr_oid.h>
@@ -50,9 +52,11 @@
oid = (const char *)cookie;
if (strcmp(oid, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- nv_ctr_addr = TFW_NVCTR_BASE;
+ nv_ctr_addr = FCONF_GET_PROPERTY(cot, nv_cntr_addr,
+ TRUSTED_NV_CTR_ID);
} else if (strcmp(oid, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- nv_ctr_addr = NTFW_CTR_BASE;
+ nv_ctr_addr = FCONF_GET_PROPERTY(cot, nv_cntr_addr,
+ NON_TRUSTED_NV_CTR_ID);
} else {
return 1;
}
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index a986017..50f6389 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -118,7 +118,11 @@
* little space for growth.
*/
#if TRUSTED_BOARD_BOOT
+#if COT_DESC_IN_DTB
+# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1E000) - FVP_BL2_ROMLIB_OPTIMIZATION)
+#else
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1D000) - FVP_BL2_ROMLIB_OPTIMIZATION)
+#endif
#else
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x13000) - FVP_BL2_ROMLIB_OPTIMIZATION)
#endif
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index a7d1825..4565d05 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -168,6 +168,9 @@
${FVP_SECURITY_SOURCES}
+ifeq (${COT_DESC_IN_DTB},1)
+BL2_SOURCES += plat/arm/common/fconf/fconf_nv_cntr_getter.c
+endif
ifeq (${BL2_AT_EL3},1)
BL2_SOURCES += plat/arm/board/fvp/${ARCH}/fvp_helpers.S \
@@ -243,7 +246,7 @@
FVP_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tsp_fw_config.dtb
# Add the TOS_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config,${FVP_TOS_FW_CONFIG}))
endif
ifeq (${SPD},spmd)
@@ -256,23 +259,23 @@
FVP_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${ARM_SPMC_MANIFEST_DTS})).dtb
# Add the TOS_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TOS_FW_CONFIG},--tos-fw-config,${FVP_TOS_FW_CONFIG}))
endif
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config,${FVP_FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config,${FVP_TB_FW_CONFIG}))
# Add the SOC_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_SOC_FW_CONFIG},--soc-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_SOC_FW_CONFIG},--soc-fw-config,${FVP_SOC_FW_CONFIG}))
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_NT_FW_CONFIG},--nt-fw-config,${FVP_NT_FW_CONFIG}))
FDT_SOURCES += ${FVP_HW_CONFIG_DTS}
$(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(FVP_HW_CONFIG_DTS)))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config,${FVP_HW_CONFIG}))
endif
# Enable Activity Monitor Unit extensions by default
diff --git a/plat/arm/board/fvp_ve/platform.mk b/plat/arm/board/fvp_ve/platform.mk
index 0aa1de4..ac45d57 100644
--- a/plat/arm/board/fvp_ve/platform.mk
+++ b/plat/arm/board/fvp_ve/platform.mk
@@ -81,15 +81,15 @@
FVP_TB_FW_CONFIG := ${BUILD_PLAT}/fdts/fvp_ve_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_FW_CONFIG},--fw-config,${FVP_FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_TB_FW_CONFIG},--tb-fw-config,${FVP_TB_FW_CONFIG}))
FDT_SOURCES += ${FVP_HW_CONFIG_DTS}
$(eval FVP_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb, \
fdts/$(notdir ${FVP_HW_CONFIG_DTS})))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FVP_HW_CONFIG},--hw-config,${FVP_HW_CONFIG}))
endif
NEED_BL32 := yes
diff --git a/plat/arm/board/juno/platform.mk b/plat/arm/board/juno/platform.mk
index 196d3c0..78704b5 100644
--- a/plat/arm/board/juno/platform.mk
+++ b/plat/arm/board/juno/platform.mk
@@ -172,9 +172,9 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
diff --git a/plat/arm/board/rddaniel/platform.mk b/plat/arm/board/rddaniel/platform.mk
index 81632a5..8909b55 100644
--- a/plat/arm/board/rddaniel/platform.mk
+++ b/plat/arm/board/rddaniel/platform.mk
@@ -44,14 +44,14 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
FDT_SOURCES += ${RDDANIEL_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
override CTX_INCLUDE_AARCH32_REGS := 0
diff --git a/plat/arm/board/rddanielxlr/platform.mk b/plat/arm/board/rddanielxlr/platform.mk
index 93967ad..61af81a 100644
--- a/plat/arm/board/rddanielxlr/platform.mk
+++ b/plat/arm/board/rddanielxlr/platform.mk
@@ -47,9 +47,9 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
$(eval $(call CREATE_SEQ,SEQ,4))
ifneq ($(CSS_SGI_CHIP_COUNT),$(filter $(CSS_SGI_CHIP_COUNT),$(SEQ)))
@@ -61,6 +61,6 @@
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
override CTX_INCLUDE_AARCH32_REGS := 0
diff --git a/plat/arm/board/rde1edge/platform.mk b/plat/arm/board/rde1edge/platform.mk
index e09afca..a7c0434 100644
--- a/plat/arm/board/rde1edge/platform.mk
+++ b/plat/arm/board/rde1edge/platform.mk
@@ -41,15 +41,15 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
FDT_SOURCES += ${RDE1EDGE_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
ifneq ($(CSS_SGI_CHIP_COUNT),1)
$(error "Chip count for RDE1Edge should be 1, currently set to \
diff --git a/plat/arm/board/rdn1edge/platform.mk b/plat/arm/board/rdn1edge/platform.mk
index 3f0cc7f..b313426 100644
--- a/plat/arm/board/rdn1edge/platform.mk
+++ b/plat/arm/board/rdn1edge/platform.mk
@@ -47,15 +47,15 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
FDT_SOURCES += ${RDN1EDGE_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
$(eval $(call CREATE_SEQ,SEQ,2))
ifneq ($(CSS_SGI_CHIP_COUNT),$(filter $(CSS_SGI_CHIP_COUNT),$(SEQ)))
diff --git a/plat/arm/board/sgi575/platform.mk b/plat/arm/board/sgi575/platform.mk
index f5d547d..56f5733 100644
--- a/plat/arm/board/sgi575/platform.mk
+++ b/plat/arm/board/sgi575/platform.mk
@@ -42,15 +42,15 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
FDT_SOURCES += ${SGI575_BASE}/fdts/${PLAT}_nt_fw_config.dts
NT_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_nt_fw_config.dtb
# Add the NT_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${NT_FW_CONFIG},--nt-fw-config,${NT_FW_CONFIG}))
ifneq ($(CSS_SGI_CHIP_COUNT),1)
$(error "Chip count for SGI575 should be 1, currently set to \
diff --git a/plat/arm/board/sgm775/platform.mk b/plat/arm/board/sgm775/platform.mk
index 26bc25d..a649939 100644
--- a/plat/arm/board/sgm775/platform.mk
+++ b/plat/arm/board/sgm775/platform.mk
@@ -15,9 +15,9 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
PLAT_INCLUDES +=-I${SGM775_BASE}/include/
diff --git a/plat/arm/board/tc0/include/platform_def.h b/plat/arm/board/tc0/include/platform_def.h
index 56c71c1..a8d471e 100644
--- a/plat/arm/board/tc0/include/platform_def.h
+++ b/plat/arm/board/tc0/include/platform_def.h
@@ -183,12 +183,12 @@
* PLAT_CSS_MAX_SCP_BL2_SIZE is calculated using the current
* SCP_BL2 size plus a little space for growth.
*/
-#define PLAT_CSS_MAX_SCP_BL2_SIZE 0x14000
+#define PLAT_CSS_MAX_SCP_BL2_SIZE 0x20000
/*
* PLAT_CSS_MAX_SCP_BL2U_SIZE is calculated using the current
* SCP_BL2U size plus a little space for growth.
*/
-#define PLAT_CSS_MAX_SCP_BL2U_SIZE 0x14000
+#define PLAT_CSS_MAX_SCP_BL2U_SIZE 0x20000
#endif /* PLATFORM_DEF_H */
diff --git a/plat/arm/board/tc0/platform.mk b/plat/arm/board/tc0/platform.mk
index 0bf18e4..903fabf 100644
--- a/plat/arm/board/tc0/platform.mk
+++ b/plat/arm/board/tc0/platform.mk
@@ -79,9 +79,9 @@
TB_FW_CONFIG := ${BUILD_PLAT}/fdts/${PLAT}_tb_fw_config.dtb
# Add the FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
# Add the TB_FW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TB_FW_CONFIG},--tb-fw-config,${TB_FW_CONFIG}))
#Device tree
TC0_HW_CONFIG_DTS := fdts/tc0.dts
@@ -90,7 +90,7 @@
$(eval TC0_HW_CONFIG := ${BUILD_PLAT}/$(patsubst %.dts,%.dtb,$(TC0_HW_CONFIG_DTS)))
# Add the HW_CONFIG to FIP and specify the same to certtool
-$(eval $(call TOOL_ADD_PAYLOAD,${TC0_HW_CONFIG},--hw-config))
+$(eval $(call TOOL_ADD_PAYLOAD,${TC0_HW_CONFIG},--hw-config,${TC0_HW_CONFIG}))
override CTX_INCLUDE_AARCH32_REGS := 0
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 96ab2d3..bbcc954 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -297,9 +297,14 @@
# Include the selected chain of trust sources.
ifeq (${COT},tbbr)
- AUTH_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c
- BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_bl1.c
- BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_bl2.c
+ BL1_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
+ drivers/auth/tbbr/tbbr_cot_bl1.c
+ ifneq (${COT_DESC_IN_DTB},0)
+ BL2_SOURCES += lib/fconf/fconf_cot_getter.c
+ else
+ BL2_SOURCES += drivers/auth/tbbr/tbbr_cot_common.c \
+ drivers/auth/tbbr/tbbr_cot_bl2.c
+ endif
else ifeq (${COT},dualroot)
AUTH_SOURCES += drivers/auth/dualroot/cot.c
else
diff --git a/plat/arm/common/fconf/arm_fconf_io.c b/plat/arm/common/fconf/arm_fconf_io.c
index 5f125d3..48286c2 100644
--- a/plat/arm/common/fconf/arm_fconf_io.c
+++ b/plat/arm/common/fconf/arm_fconf_io.c
@@ -249,6 +249,7 @@
{
int err, node;
unsigned int i;
+ unsigned int j;
union uuid_helper_t uuid_helper;
io_uuid_spec_t *uuid_ptr;
@@ -274,6 +275,15 @@
return err;
}
+ /* Convert uuid from big endian to little endian */
+ for (j = 0U; j < 4U; j++) {
+ uuid_helper.word[j] =
+ ((uuid_helper.word[j] >> 24U) & 0xff) |
+ ((uuid_helper.word[j] << 8U) & 0xff0000) |
+ ((uuid_helper.word[j] >> 8U) & 0xff00) |
+ ((uuid_helper.word[j] << 24U) & 0xff000000);
+ }
+
VERBOSE("FCONF: arm-io_policies.%s cell found with value = 0x%x 0x%x 0x%x 0x%x\n",
load_info[i].name,
uuid_helper.word[0], uuid_helper.word[1],
diff --git a/plat/arm/common/fconf/arm_fconf_sp.c b/plat/arm/common/fconf/arm_fconf_sp.c
index 50a9dd4..7950e7f 100644
--- a/plat/arm/common/fconf/arm_fconf_sp.c
+++ b/plat/arm/common/fconf/arm_fconf_sp.c
@@ -37,6 +37,7 @@
const unsigned int plat_start = SP_PKG5_ID;
unsigned int plat_index = plat_start;
const unsigned int plat_end = plat_start + MAX_SP_IDS / 2;
+ unsigned int j;
/* As libfdt use void *, we can't avoid this cast */
const void *dtb = (void *)config;
@@ -64,6 +65,16 @@
ERROR("FCONF: cannot read SP uuid\n");
return -1;
}
+
+ /* Convert uuid from big endian to little endian */
+ for (j = 0U; j < 4U; j++) {
+ uuid_helper.word[j] =
+ ((uuid_helper.word[j] >> 24U) & 0xff) |
+ ((uuid_helper.word[j] << 8U) & 0xff0000) |
+ ((uuid_helper.word[j] >> 8U) & 0xff00) |
+ ((uuid_helper.word[j] << 24U) & 0xff000000);
+ }
+
arm_sp.uuids[index] = uuid_helper;
VERBOSE("FCONF: %s UUID %x-%x-%x-%x load_addr=%lx\n",
__func__,
diff --git a/plat/arm/common/fconf/fconf_nv_cntr_getter.c b/plat/arm/common/fconf/fconf_nv_cntr_getter.c
new file mode 100644
index 0000000..8d645ef
--- /dev/null
+++ b/plat/arm/common/fconf/fconf_nv_cntr_getter.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <assert.h>
+
+#include <common/debug.h>
+#include <common/fdt_wrappers.h>
+
+#include <libfdt.h>
+
+#include <plat/arm/common/fconf_nv_cntr_getter.h>
+
+/*******************************************************************************
+ * fconf_populate_cot_descs() - Populate available nv-counters and update global
+ * structure.
+ * @config[in]: Pointer to the device tree blob in memory
+ *
+ * Return 0 on success or an error value otherwise.
+ ******************************************************************************/
+static int fconf_populate_nv_cntrs(uintptr_t config)
+{
+ int rc, node, child;
+ uint32_t id;
+ uintptr_t reg;
+
+ /* As libfdt uses void *, we can't avoid this cast */
+ const void *dtb = (void *)config;
+ const char *compatible_str = "arm, non-volatile-counter";
+
+ node = fdt_node_offset_by_compatible(dtb, -1, compatible_str);
+ if (node < 0) {
+ ERROR("FCONF: Can't find %s compatible in node\n",
+ compatible_str);
+ return node;
+ }
+
+ fdt_for_each_subnode(child, dtb, node) {
+
+ rc = fdt_read_uint32(dtb, child, "id", &id);
+ if (rc < 0) {
+ ERROR("FCONF: Can't find %s property in node\n", "id");
+ return rc;
+ }
+
+ assert(id < MAX_NV_CTR_IDS);
+
+ rc = fdt_get_reg_props_by_index(dtb, child, 0, ®, NULL);
+ if (rc < 0) {
+ ERROR("FCONF: Can't find %s property in node\n", "reg");
+ return rc;
+ }
+
+ nv_cntr_base_addr[id] = reg;
+ }
+
+ return 0;
+}
+
+FCONF_REGISTER_POPULATOR(TB_FW, nv_cntrs, fconf_populate_nv_cntrs);
diff --git a/plat/mediatek/common/mtk_plat_common.c b/plat/mediatek/common/mtk_plat_common.c
index a07a298..f57e435 100644
--- a/plat/mediatek/common/mtk_plat_common.c
+++ b/plat/mediatek/common/mtk_plat_common.c
@@ -10,8 +10,10 @@
#include <drivers/arm/cci.h>
#include <drivers/console.h>
#include <lib/mmio.h>
+#include <lib/smccc.h>
#include <lib/xlat_tables/xlat_tables.h>
#include <plat/common/platform.h>
+#include <services/arm_arch_svc.h>
#include <mtk_plat_common.h>
#include <mtk_sip_svc.h>
@@ -116,3 +118,33 @@
spsr = SPSR_MODE32(mode, 0, ee, daif);
return spsr;
}
+
+/*****************************************************************************
+ * plat_is_smccc_feature_available() - This function checks whether SMCCC
+ * feature is availabile for platform.
+ * @fid: SMCCC function id
+ *
+ * Return SMC_OK if SMCCC feature is available and SMC_ARCH_CALL_NOT_SUPPORTED
+ * otherwise.
+ *****************************************************************************/
+int32_t plat_is_smccc_feature_available(u_register_t fid)
+{
+ switch (fid) {
+ case SMCCC_ARCH_SOC_ID:
+ return SMC_ARCH_CALL_SUCCESS;
+ default:
+ return SMC_ARCH_CALL_NOT_SUPPORTED;
+ }
+}
+
+int32_t plat_get_soc_version(void)
+{
+ uint32_t manfid = (JEDEC_MTK_BKID << 24U) | (JEDEC_MTK_MFID << 16U);
+
+ return (int32_t)(manfid | (SOC_CHIP_ID & 0xFFFFU));
+}
+
+int32_t plat_get_soc_revision(void)
+{
+ return 0;
+}
diff --git a/plat/mediatek/common/mtk_plat_common.h b/plat/mediatek/common/mtk_plat_common.h
index 55f4c51..919c173 100644
--- a/plat/mediatek/common/mtk_plat_common.h
+++ b/plat/mediatek/common/mtk_plat_common.h
@@ -18,6 +18,9 @@
#define LINUX_KERNEL_32 0
#define SMC32_PARAM_MASK (0xFFFFFFFF)
+#define JEDEC_MTK_BKID U(4)
+#define JEDEC_MTK_MFID U(0x26)
+
struct atf_arg_t {
unsigned int atf_magic;
unsigned int tee_support;
diff --git a/plat/mediatek/mt8173/include/platform_def.h b/plat/mediatek/mt8173/include/platform_def.h
index 22129db..d340422 100644
--- a/plat/mediatek/mt8173/include/platform_def.h
+++ b/plat/mediatek/mt8173/include/platform_def.h
@@ -51,6 +51,8 @@
PLATFORM_CLUSTER_COUNT + \
PLATFORM_CORE_COUNT)
+#define SOC_CHIP_ID U(0x8173)
+
/*******************************************************************************
* Platform memory map related constants
******************************************************************************/
diff --git a/plat/mediatek/mt8183/include/platform_def.h b/plat/mediatek/mt8183/include/platform_def.h
index 49a0f80..25ccfbc 100644
--- a/plat/mediatek/mt8183/include/platform_def.h
+++ b/plat/mediatek/mt8183/include/platform_def.h
@@ -279,6 +279,8 @@
PLATFORM_CLUSTER_COUNT + \
PLATFORM_CORE_COUNT)
+#define SOC_CHIP_ID U(0x8183)
+
/*******************************************************************************
* Platform memory map related constants
******************************************************************************/
diff --git a/plat/mediatek/mt8192/include/platform_def.h b/plat/mediatek/mt8192/include/platform_def.h
index e1f0faf..f68015a 100644
--- a/plat/mediatek/mt8192/include/platform_def.h
+++ b/plat/mediatek/mt8192/include/platform_def.h
@@ -59,6 +59,8 @@
#define PLATFORM_CORE_COUNT (PLATFORM_CLUSTER0_CORE_COUNT)
#define PLATFORM_MAX_CPUS_PER_CLUSTER U(8)
+#define SOC_CHIP_ID U(0x8192)
+
/*******************************************************************************
* Platform memory map related constants
******************************************************************************/
diff --git a/plat/nvidia/tegra/common/aarch64/tegra_helpers.S b/plat/nvidia/tegra/common/aarch64/tegra_helpers.S
index 64d21b4..6c8c4f0 100644
--- a/plat/nvidia/tegra/common/aarch64/tegra_helpers.S
+++ b/plat/nvidia/tegra/common/aarch64/tegra_helpers.S
@@ -215,7 +215,8 @@
*/
mov x0, x17
mov x1, x18
- mov x2, #BL31_SIZE
+ adr x2, __RELA_END__
+ sub x2, x2, x18
_loop16:
cmp x2, #16
b.lo _loop1
diff --git a/plat/nvidia/tegra/common/tegra_pm.c b/plat/nvidia/tegra/common/tegra_pm.c
index d0191d0..27dd3a2 100644
--- a/plat/nvidia/tegra/common/tegra_pm.c
+++ b/plat/nvidia/tegra/common/tegra_pm.c
@@ -96,6 +96,9 @@
static void tegra_pwr_domain_off(const psci_power_state_t *target_state)
{
(void)tegra_soc_pwr_domain_off(target_state);
+
+ /* disable GICC */
+ tegra_gic_cpuif_deactivate();
}
/*******************************************************************************
diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
index 9441437..14bf049 100644
--- a/plat/qemu/qemu/platform.mk
+++ b/plat/qemu/qemu/platform.mk
@@ -84,7 +84,7 @@
certificates: $(ROT_KEY)
- $(ROT_KEY):
+ $(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
$(Q)openssl genrsa 2048 > $@ 2>/dev/null
diff --git a/plat/qti/qtiseclib/inc/qtiseclib_cb_interface.h b/plat/qti/qtiseclib/inc/qtiseclib_cb_interface.h
index 9c4a724..2252557 100644
--- a/plat/qti/qtiseclib/inc/qtiseclib_cb_interface.h
+++ b/plat/qti/qtiseclib/inc/qtiseclib_cb_interface.h
@@ -16,6 +16,9 @@
/* Standard Library API's */
void *qtiseclib_cb_memcpy(void *dst, const void *src, size_t len);
+int qtiseclib_cb_strcmp(const char *s1, const char *s2);
+void *qtiseclib_cb_memset(void *s, int c, size_t n);
+void *qtiseclib_cb_memmove(void *dest, const void *src, size_t n);
#define QTISECLIB_CB_ERROR(...) qtiseclib_cb_log(QTISECLIB_LOG_LEVEL_ERROR, __VA_ARGS__)
#define QTISECLIB_CB_NOTICE(...) qtiseclib_cb_log(QTISECLIB_LOG_LEVEL_NOTICE, __VA_ARGS__)
@@ -41,6 +44,8 @@
void qtiseclib_cb_udelay(uint32_t usec);
+int qtiseclib_cb_console_flush(void);
+
#if QTI_SDI_BUILD
int qtiseclib_cb_mmap_remove_dynamic_region(uintptr_t base_va, size_t size);
int qtiseclib_cb_mmap_add_dynamic_region(unsigned long long base_pa,
diff --git a/plat/qti/qtiseclib/src/qtiseclib_cb_interface.c b/plat/qti/qtiseclib/src/qtiseclib_cb_interface.c
index 1b1393e..331a104 100644
--- a/plat/qti/qtiseclib/src/qtiseclib_cb_interface.c
+++ b/plat/qti/qtiseclib/src/qtiseclib_cb_interface.c
@@ -29,6 +29,21 @@
return memcpy(dst, src, len);
}
+int qtiseclib_cb_strcmp(const char *s1, const char *s2)
+{
+ return strcmp(s1, s2);
+}
+
+void *qtiseclib_cb_memset(void *s, int c, size_t n)
+{
+ return memset(s, c, n);
+}
+
+void *qtiseclib_cb_memmove(void *dest, const void *src, size_t n)
+{
+ return memmove(dest, src, n);
+}
+
/* Printing logs below or equal LOG_LEVEL from QTISECLIB. */
void qtiseclib_cb_log(unsigned int loglvl, const char *fmt, ...)
{
@@ -106,6 +121,11 @@
udelay(usec);
}
+int qtiseclib_cb_console_flush(void)
+{
+ return console_flush();
+}
+
#if QTI_SDI_BUILD
void qtiseclib_cb_get_ns_ctx(qtiseclib_dbg_a64_ctxt_regs_type *qti_ns_ctx)
{
diff --git a/plat/rockchip/common/params_setup.c b/plat/rockchip/common/params_setup.c
index 2ff81ed..aec53ee 100644
--- a/plat/rockchip/common/params_setup.c
+++ b/plat/rockchip/common/params_setup.c
@@ -230,12 +230,27 @@
void params_early_setup(u_register_t plat_param_from_bl2)
{
+ int ret;
+
/*
* Test if this is a FDT passed as a platform-specific parameter
* block.
*/
- if (!dt_process_fdt(plat_param_from_bl2))
+ ret = dt_process_fdt(plat_param_from_bl2);
+ if (!ret) {
+ return;
+ } else if (ret != -FDT_ERR_BADMAGIC) {
+ /*
+ * If we found an FDT but couldn't parse it (e.g. corrupt, not
+ * enough space), return and don't attempt to parse the param
+ * as something else, since we know that will also fail. All
+ * we're doing is setting up UART, this doesn't need to be
+ * fatal.
+ */
+ WARN("%s: found FDT but could not parse: error %d\n",
+ __func__, ret);
return;
+ }
bl_aux_params_parse(plat_param_from_bl2, rk_aux_param_handler);
}
diff --git a/plat/rpi/rpi3/platform.mk b/plat/rpi/rpi3/platform.mk
index 4d627b8..6c23923 100644
--- a/plat/rpi/rpi3/platform.mk
+++ b/plat/rpi/rpi3/platform.mk
@@ -210,7 +210,7 @@
certificates: $(ROT_KEY)
- $(ROT_KEY):
+ $(ROT_KEY): | $(BUILD_PLAT)
@echo " OPENSSL $@"
$(Q)openssl genrsa 2048 > $@ 2>/dev/null
diff --git a/services/spd/trusty/smcall.h b/services/spd/trusty/smcall.h
index 9c1c38c..c66f7db 100644
--- a/services/spd/trusty/smcall.h
+++ b/services/spd/trusty/smcall.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -71,4 +72,11 @@
#define SMC_YC_VDEV_KICK_VQ SMC_YIELDCALL_NR(SMC_ENTITY_TRUSTED_OS, 24U)
#define SMC_YC_SET_ROT_PARAMS SMC_YIELDCALL_NR(SMC_ENTITY_TRUSTED_OS, 65535U)
+/*
+ * Standard Trusted OS Function IDs that fall under Trusted OS call range
+ * according to SMC calling convention
+ */
+#define SMC_FC64_GET_UUID SMC_FASTCALL64_NR(63U, 0xFF01U) /* Implementation UID */
+#define SMC_FC_GET_UUID SMC_FASTCALL_NR(63U, 0xFF01U) /* Implementation.UID */
+
#endif /* SMCALL_H */
diff --git a/services/spd/trusty/trusty.c b/services/spd/trusty/trusty.c
index b10da76..e102b82 100644
--- a/services/spd/trusty/trusty.c
+++ b/services/spd/trusty/trusty.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,11 +17,18 @@
#include <common/debug.h>
#include <common/runtime_svc.h>
#include <lib/el3_runtime/context_mgmt.h>
+#include <lib/smccc.h>
#include <plat/common/platform.h>
+#include <tools_share/uuid.h>
#include "sm_err.h"
#include "smcall.h"
+/* Trusty UID: RFC-4122 compliant UUID version 4 */
+DEFINE_SVC_UUID2(trusty_uuid,
+ 0x40ee25f0, 0xa2bc, 0x304c, 0x8c, 0x4c,
+ 0xa1, 0x73, 0xc5, 0x7d, 0x8a, 0xf1);
+
/* macro to check if Hypervisor is enabled in the HCR_EL2 register */
#define HYP_ENABLE_FLAG 0x286001U
@@ -256,6 +264,11 @@
SMC_RET1(handle, SMC_UNK);
} else {
switch (smc_fid) {
+ case SMC_FC64_GET_UUID:
+ case SMC_FC_GET_UUID:
+ /* provide the UUID for the service to the client */
+ SMC_UUID_RET(handle, trusty_uuid);
+ break;
case SMC_FC64_SET_FIQ_HANDLER:
return trusty_set_fiq_handler(handle, x1, x2, x3);
case SMC_FC64_GET_FIQ_REGS:
@@ -263,6 +276,12 @@
case SMC_FC_FIQ_EXIT:
return trusty_fiq_exit(handle, x1, x2, x3);
default:
+ /* Not all OENs greater than SMC_ENTITY_SECURE_MONITOR are supported */
+ if (SMC_ENTITY(smc_fid) > SMC_ENTITY_SECURE_MONITOR) {
+ VERBOSE("%s: unsupported SMC FID (0x%x)\n", __func__, smc_fid);
+ SMC_RET1(handle, SMC_UNK);
+ }
+
if (is_hypervisor_mode())
vmid = SMC_GET_GP(handle, CTX_GPREG_X7);
@@ -502,7 +521,7 @@
trusty_fast,
OEN_TOS_START,
- SMC_ENTITY_SECURE_MONITOR,
+ OEN_TOS_END,
SMC_TYPE_FAST,
trusty_setup,
trusty_smc_handler
diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
index 7d207ea..6aab558 100644
--- a/services/std_svc/spmd/spmd_main.c
+++ b/services/std_svc/spmd/spmd_main.c
@@ -46,7 +46,14 @@
******************************************************************************/
spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr)
{
- return &spm_core_context[plat_core_pos_by_mpidr(mpidr)];
+ int core_idx = plat_core_pos_by_mpidr(mpidr);
+
+ if (core_idx < 0) {
+ ERROR("Invalid mpidr: %llx, returned ID: %d\n", mpidr, core_idx);
+ panic();
+ }
+
+ return &spm_core_context[core_idx];
}
/*******************************************************************************
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
index 418e06c..0ec08b0 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
@@ -7,6 +7,7 @@
PLAT := none
V ?= 0
DEBUG := 0
+CRTTOOL ?= cert_create${BIN_EXT}
BINARY := $(notdir ${CRTTOOL})
OPENSSL_DIR := /usr
COT := tbbr
diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
index ebbc66a..6eb6fae 100644
--- a/tools/encrypt_fw/Makefile
+++ b/tools/encrypt_fw/Makefile
@@ -7,6 +7,7 @@
V ?= 0
BUILD_INFO ?= 1
DEBUG := 0
+ENCTOOL ?= encrypt_fw${BIN_EXT}
BINARY := $(notdir ${ENCTOOL})
OPENSSL_DIR := /usr
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
index 0ede6ce..df8ab5c 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
@@ -8,6 +8,7 @@
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+FIPTOOL ?= fiptool${BIN_EXT}
PROJECT := $(notdir ${FIPTOOL})
OBJECTS := fiptool.o tbbr_config.o
V ?= 0
diff --git a/tools/fiptool/Makefile.msvc b/tools/fiptool/Makefile.msvc
index 58dbb89..9081bc6 100644
--- a/tools/fiptool/Makefile.msvc
+++ b/tools/fiptool/Makefile.msvc
@@ -1,30 +1,37 @@
-#
-# Copyright (c) 2019, Arm Limited. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-
-CC = cl.exe
-LD = link.exe
-
-FIPTOOL = fiptool.exe
-OBJECTS = fiptool.obj tbbr_config.obj win_posix.obj
-
-INC = -I. -I..\..\include\tools_share
-CFLAGS = $(CFLAGS) /nologo /Za /Zi /c /O2 /MT
-
-all: $(FIPTOOL)
-
-$(FIPTOOL): $(OBJECTS)
- $(LD) /INCREMENTAL:NO /debug /nodefaultlib:libc.lib /out:$@ $(LIBS) $**
-
-.PHONY: clean realclean
-
-clean:
- del /f /q $(OBJECTS) > nul
-
-realclean:
- del /f /q $(OBJECTS) $(FIPTOOL) > nul
-
-.c.obj:
- $(CC) -c $(CFLAGS) $(INC) $< -Fo$@
+#
+# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+CC = cl.exe
+LD = link.exe
+
+# FIPTOOLPATH and FIPTOOL are passed from the main makefile.
+
+OBJECTS = $(FIPTOOLPATH)\fiptool.obj \
+ $(FIPTOOLPATH)\tbbr_config.obj \
+ $(FIPTOOLPATH)\win_posix.obj
+
+INC = -I$(FIPTOOLPATH) -Iinclude\tools_share
+
+CFLAGS = $(CFLAGS) /nologo /Za /Zi /c /O2 /MT
+
+all: $(FIPTOOL)
+
+$(FIPTOOL): $(OBJECTS)
+ $(LD) /nologo /INCREMENTAL:NO /debug /nodefaultlib:libc.lib /out:$@ $(LIBS) $**
+
+.PHONY: clean realclean
+
+clean:
+ -@del /f /q $(OBJECTS) > nul
+ -@del /f /q $(FIPTOOLPATH)\*.pdb > nul
+
+realclean:
+ -@del /f /q $(OBJECTS) > nul
+ -@del /f /q $(FIPTOOLPATH)\*.pdb > nul
+ -@del /f /q $(FIPTOOL) > nul
+
+.c.obj:
+ $(CC) -c $(CFLAGS) $(INC) $< -Fo$@
diff --git a/tools/fiptool/win_posix.c b/tools/fiptool/win_posix.c
index 48feb16..33b44d4 100644
--- a/tools/fiptool/win_posix.c
+++ b/tools/fiptool/win_posix.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017 - 2020, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -137,7 +137,8 @@
* Note that we only match over the shorter length of the pair, to allow
* for abbreviation or say --match=value
* Long option names may be abbreviated if the abbreviation is unique or an
- * exact match for some defined option.
+ * exact match for some defined option. This function does not check that the
+ * abbreviations are unique and should be handled by the caller.
* A long option may take a parameter, of the form --opt=param or --opt param.
*/
static
@@ -160,42 +161,72 @@
{
int result = RET_UNKNOWN_OPT;
size_t loptn = 0;
+ bool match_found = false;
- while (longopts[loptn].name != 0) {
- if (optmatch(optname, longopts[loptn].name) == 0) {
- /* We found a match. */
- result = longopts[loptn].val;
- if (indexptr != 0)
- *indexptr = loptn;
- switch (longopts[loptn].has_arg) {
- case required_argument:
- if ((optind + 1) >= argc) {
- /* Missing argument. */
- optopt = result;
- return RET_NO_PARAM;
- }
- /* Fallthrough to get option value. */
+ /*
+ * Long option names may be abbreviated if the abbreviation
+ * is unique or an exact match for some defined option.
+ * To handle this:
+ * - First search for an exact match.
+ * - If exact match was not found search for a abbreviated match.
+ * By doing this an incorrect option selection can be avoided.
+ */
- case optional_argument:
- if ((argc - optind) > 0) {
- /* Found argument. */
- optarg = argv[++optind];
- }
- /* Fallthrough to handle flag. */
+ /* 1. Search for an exact match. */
+ while (longopts[loptn].name != NULL) {
+ if (strcmp(optname, longopts[loptn].name) == 0) {
+ match_found = true;
+ break;
+ }
+ ++loptn;
+ }
- case no_argument:
- optind++;
- if (longopts[loptn].flag != 0) {
- *longopts[loptn].flag = result;
- result = 0;
- }
+ /* 2. If exact match was not found search for a abbreviated match. */
+ if (!match_found) {
+ loptn = 0;
+ while (longopts[loptn].name != NULL) {
+ if (optmatch(optname, longopts[loptn].name) == 0) {
+ match_found = true;
break;
+ }
+ ++loptn;
+ }
+ }
+
+ if (match_found) {
+ /* We found a match. */
+ result = longopts[loptn].val;
+ if (indexptr != 0) {
+ *indexptr = loptn;
+ }
+ switch (longopts[loptn].has_arg) {
+ case required_argument:
+ if ((optind + 1) >= argc) {
+ /* Missing argument. */
+ optopt = result;
+ return RET_NO_PARAM;
+ }
+ /* Fallthrough to get option value. */
+ case optional_argument:
+ if ((argc - optind) > 0) {
+ /* Found argument. */
+ optarg = argv[++optind];
}
- return result;
+ /* Fallthrough to handle flag. */
+
+ case no_argument:
+ optind++;
+ if (longopts[loptn].flag != 0) {
+ *longopts[loptn].flag = result;
+ result = 0;
+ }
+ break;
+
}
- ++loptn;
+ return result;
}
+
/*
* If getopt finds an option character in argv that was not included
* in options, ... it returns '?' and sets the external variable
diff --git a/tools/fiptool/win_posix.h b/tools/fiptool/win_posix.h
index 836ffed..6f0d8e6 100644
--- a/tools/fiptool/win_posix.h
+++ b/tools/fiptool/win_posix.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,13 +9,15 @@
#define _CRT_SECURE_NO_WARNINGS
-#include <direct.h>
-#include <io.h>
+#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
+#include <direct.h>
+#include <io.h>
+
#include "uuid.h"
/* Derive or provide Windows equivalents of Posix/GCC/Unix stuff. */
diff --git a/tools/sptool/Makefile b/tools/sptool/Makefile
index f724c26..1fa85fb 100644
--- a/tools/sptool/Makefile
+++ b/tools/sptool/Makefile
@@ -8,6 +8,7 @@
include ${MAKE_HELPERS_DIRECTORY}build_macros.mk
include ${MAKE_HELPERS_DIRECTORY}build_env.mk
+SPTOOL ?= sptool${BIN_EXT}
PROJECT := $(notdir ${SPTOOL})
OBJECTS := sptool.o
V ?= 0