| Age | Commit message (Collapse) | Author |
|---|
|
* changes:
Fix Coverity #261967, Infinite loop
Fix Coverity #343017, Missing unlock
Fix Coverity #343008, Side affect in assertion
Fix Coverity #342970, Uninitialized scalar variable
|
|
All other returns from this function unlock the responses_lock, so we
also should release the lock in this case.
Change-Id: Ie2cfa8755723fed79e809f9480190d11f373a217
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
|
|
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
|
|
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
|
|
The spm_sp_get_by_uuid() function is used to look up the secure
partition that provides a given service.
Within this function, memcmp() is used to compare the service
UUIDs but it uses the size of the rdsvc->uuid pointer instead of
the size of its content (missing dereference). This means that only
a partial comparison is performed as UUIDs are 128 bits in length and
rdsvc->uuid is a uint32_t typed pointer.
Instead, use the size of the array pointed to by the svc_uuid parameter,
which will be the full 128 bits, for the comparison.
Change-Id: I258fb0cca3bf19f97b8f2a4c133981647cd050e4
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
Rather than using a fixed virtual address space size, read all regions
in the resource description of each partition and restrict the virtual
address space size to the one the partition actually needs.
This also allows SPM to take advantage of the extension ARMv8.4-TTST if
the virtual address space size is small enough.
Change-Id: I8646aa95e659136b58b44b040364cdee631f7e82
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Right now the virtual address space is fixed to
PLAT_VIRT_ADDR_SPACE_SIZE, so all base translation tables are the same
size and need the same alignment. The current code allocates the exact
space needed by this initial table.
However, a following patch is going to allow each partition to choose
the size of its address space based on the memory regions defined in
their resource description, so it isn't possible to determine this at
build time. As this optimization no longer applies, it has to be
removed.
Change-Id: Ia8d19f4981e1017e4ffe0ba136de73d701044cb0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
This gives each Secure Partition complete freedom on its address space.
Previously, the memory used by the exception vectors was reserved and
couldn't be used. Also, it always had to be mapped, forcing SPM to
generate translation tables that included the exception vectors as well
as the Partition memory regions. With this change, partitions can reduce
their address space size easily.
Change-Id: I67fb5e9bdf2870b73347f23bff702fab0a8f8711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Instead of letting the code run until another error is reached, return
early.
Change-Id: I6277a8c65101d3e39b0540099c2a3063584a7dbd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Fix variable shadowing warnings and prevent code duplication.
Change-Id: Idb29cc95d6b6943bc012d7bd430afa0e4a7cbf8c
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
|
|
Improved support for W=2 compilation flag by solving some nested-extern
and sign-compare warnings.
The libraries are compiling with warnings (which turn into errors with
the Werror flag).
Outside of libraries, some warnings cannot be fixed.
Change-Id: I06b1923857f2a6a50e93d62d0274915b268cef05
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
|
|
Improved support for W=1 compilation flag by solving missing-prototypes
and old-style-definition warnings.
The libraries are compiling with warnings (which turn into errors with
the Werror flag).
Outside of libraries, some warnings cannot be fixed without heavy
structural changes.
Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
|
|
Since commit 01fc1c24b9a0 ("BL31: Use helper function to save registers
in SMC handler") all the general-purpose registers are saved when
entering EL3. It isn't needed to save them here.
Change-Id: Ic540a5441b89b70888da587ab8fc3b2508cef8cc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Instead of having a custom implementation of setjmp() and longjmp() it
is better to follow the C standard.
The comments in setjmp.h are no longer needed as there are no deviations
from the expected one, so they have been removed.
All SDEI code that relied on them has been fixed to use the new function
prototypes and structs.
Change-Id: I6cd2e21cb5a5bcf81ba12283f2e4c067bd5172ca
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
This reverts commit 2f370465241c ("Add support for the SMC Calling
Convention 2.0").
SMCCC v2.0 is no longer required for SPM, and won't be needed in the
future. Removing it makes the SMC handling code less complicated.
The SPM implementation based on SPCI and SPRT was using it, but it has
been adapted to SMCCC v1.0.
Change-Id: I36795b91857b2b9c00437cfbfed04b3c1627f578
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
This implementation is no longer deprecated.
Change-Id: I68552d0fd5ba9f08fad4345e4657e8e3c5362a36
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
The SPM implementation based on MM is going to be kept for the
foreseeable future.
Change-Id: I11e96778a4f52a1aa803e7e048d9a7cb24a53954
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
|
|
synquacer: add SPM support
|
|
Registered init handlers return a boolean int, not a return code,
so convert the result from the SPM init call before returning it.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
|
Permit unaligned accesses while executing the secure partition
payload, so that we don't have to modify existing code that we
will host there. (The UEFI spec explicitly permits unaligned
accesses)
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
|
Corrects typos in core code, documentation files, drivers, Arm
platforms and services.
None of the corrections affect code; changes are limited to comments
and other documentation.
Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
|
|
Expose the timer registers that are accessible at EL0 per the
architecture to the SPM payload running in secure EL0. Note
that this requires NS_TIMER_SWITCH to be enable for all users
of this code.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
|
Update some asserts that refer to #defines that only occur in
ARM platforms, preventing this code to be used on other platforms.
Instead, use a platform agnostic name, and update all the existing
users.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
|
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5b7 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a282 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988b9 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Rename files prefixed by sp_ to spm_.
Change-Id: Ie3016a4c4ac5987fe6fdd734c6b470c60954e23d
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Also, add a disclaimer to explain that the current implementation of SPM
is a prototype that is going to undergo a lot of rework.
Change-Id: I303c1e61c51d9f286cc599fea565fc9ba5a996bf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
The old SMCs SP_MEMORY_ATTRIBUTES_{GET,SET}_AARCH64 have been removed in
favour of SPRT_MEMORY_PERM_ATTR_{GET,SET}_AARCH64.
Change-Id: Idb93cfa5461d0098df941037c5653f7c44b65227
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Change-Id: I1fdc2285a3f6517a715ad6159322543fd5a37a37
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Note that the arguments passed during the SMC call don't comply with the
SPCI specifications. This will be fixed in following patches, but it is
needed to implement a few more SPCI SMCs to be able to do it. The
current code allows us to start testing it.
Change-Id: Ic13dcc54c40327df03be1b0f52e8a44f468f06b4
Co-authored-by: Jean-Paul Etienne <jean-paul.etienne@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
This buffer is where all the responses from Secure Partitions are stored
until they are requested.
Change-Id: Iafeb8f0848c5ff6f3e187060cd3a47702484dc45
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Blocking calls can only succeed if the target Secure Partition is idle.
Change-Id: Iabeaa0b8d3e653fd8581fa086758936abfc1c772
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Note that the arguments passed during the SMC call don't comply with the
SPCI specifications. This will be fixed in following patches, but it is
needed to implement a few more SPCI SMCs to be able to do it. The
current code allows us to start testing it.
Change-Id: Ief0e75d072b311737fcdb0c6a60ba5b7406a9ee5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Change-Id: If57ec9cc0791f49d9ade83dff9d24ef9047963a8
Co-authored-by: Jean-Paul Etienne <jean-paul.etienne@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Introduce SMCs that open and close handles according to the SPCI
specification.
Change-Id: I65f365f15612e01aa445e783e96e48ae275c39fd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Change-Id: I2ae9b3bb686c41b2e138132a7bed107925ac861e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Change-Id: Ib7c2529b85bb5930d44907edfc8ead13d3b1ef4d
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Change-Id: I6673a5f8c2f6afa7780483e0ce8d4dad4c8dc8ea
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Remove interfaces based on MM_COMMUNICATE.
Change-Id: I628c884b91d9f4758269ea2c4dedc37a66bb93cf
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
SPM needs to map a number of regions on behalf of the secure partition.
Previously, it used to get a list of them from platform code using the
plat_get_secure_partition_mmap() API. Now it gets them from the resource
description structure.
The SPM<->SP shared buffer is mapped dynamically at EL3. This buffer is
used to pass information between SPM and SP, so it must be mapped at EL3
as well in order to be used by SPM.
Dynamic translation tables have been enabled when the Trusted Firmware
is compiled with SPM support.
Change-Id: I64ad335e931661812a0a60558e60372e1e5e6b72
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Read entrypoint of the Secure Partition from the resource description
struct.
Change-Id: Ie693c7b4d4fecafd85b6934d9d8c4232efb1dc55
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Load SP and RD from package instead of relying on RD being already
loaded in memory and the SP being loaded as a BL32 image.
Change-Id: I18d4fbf4597656c6a7e878e1d7c01a8a324f3f8a
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
This information is retrieved from the resource description now.
Change-Id: Iaae23945eb2c45305cdc6442853e42f4e04fe094
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
This information is defined by the Secure Partition in the resource
description.
Change-Id: Ia7db90c5de8360a596106880d3f6a632a88d3ea8
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
The current SPM is a prototype that only supports one secure partition
in EL0. The objective of SPM is to have multiple partitions. The current
MM interface isn't adequate for this, so it is needed to modify heavily
the code to add proper support for it.
However, there are platforms which are already using this (like SGI) and
removing the code would break it. For this reason, the current SPM code
has been duplicated in order to temporarily preserve compatibility. All
new improvements/changes to SPM will be done in the non-deprecated copy,
that may change without notice.
The new build option SPM_DEPRECATED has been introduced to select the SPM
implementation. It defaults to 1, that selects the deprecated SPM.
Change-Id: Ic9f80b53b450e97b4d3f47e4ef4a138ee8d87443
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Secure world execution nearly always expect a controlled exit to
Non-secure world. SDEI interrupts, although targets EL3, occur on behalf
of Non-secure world, and may have higher priority than Secure world
interrupts. Therefore they might preempt Secure execution, and yield
execution to Non-secure SDEI handler. Upon completion of SDEI event
handling (regardless of whether it's COPLETE or COMPLETE_AND_RESUME), we
must resume Secure execution if it was preempted.
Change-Id: I6edd991032588588427ba2fe6c3d7668f7080e3d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
|
|
The current secure partition design mandates that a) at a point, only
a single core can be executing in the secure partition, and b) a core
cannot be preempted by an interrupt while executing in secure
partition.
Ensure this by activating the SPM priority prior to entering the
parition. Deactivate the priority on return from the
partition.
Change-Id: Icb3473496d16b733564592eef06304a1028e4f5c
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
|
|
All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.
The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.
The exceptions are files that are imported from other projects:
- CryptoCell driver
- dt-bindings folders
- zlib headers
Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
This patch includes context.h from sdei_private.h to fix the
following compilation errors:
<snip>
In file included from services/std_svc/sdei/sdei_event.c:9:0:
services/std_svc/sdei/sdei_private.h: In function 'sdei_client_el':
services/std_svc/sdei/sdei_private.h:164:2: error: unknown type name 'cpu_context_t'
cpu_context_t *ns_ctx = cm_get_context(NON_SECURE);
^
services/std_svc/sdei/sdei_private.h:165:2: error: unknown type name 'el3_state_t'
el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
^
services/std_svc/sdei/sdei_private.h:165:2: error: implicit declaration of function 'get_el3state_ctx' [-Werror=implicit-function-declaration]
services/std_svc/sdei/sdei_private.h:165:25: error: initialization makes pointer from integer without a cast [-Werror]
el3_state_t *el3_ctx = get_el3state_ctx(ns_ctx);
^
services/std_svc/sdei/sdei_private.h:167:2: error: implicit declaration of function 'read_ctx_reg' [-Werror=implicit-function-declaration]
return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
^
services/std_svc/sdei/sdei_private.h:167:33: error: 'CTX_SCR_EL3' undeclared (first use in this function)
return ((read_ctx_reg(el3_ctx, CTX_SCR_EL3) & SCR_HCE_BIT) != 0U) ?
^
services/std_svc/sdei/sdei_private.h:167:33: note: each undeclared identifier is reported only once for each function it appears in
cc1: all warnings being treated as errors
<snip>
Change-Id: Id0cad56accf81b19cb0d301784f3f086dd052722
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
|
|
The specification requires that, after wakeup from a CPU suspend, the
dispatcher must mask all events on the CPU. This patch adds the feature
to the SDEI dispatcher by subscribing to the PSCI suspend to power down
event, and masking all events on the PE.
Change-Id: I9fe1d1bc2a58379ba7bba953a8d8b275fc18902c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
|
|
The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.
Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
