| Age | Commit message (Collapse) | Author |
|---|
|
Fix one of the two titles that ended up being the same, although both
describe different things.
Change-Id: I66ecf369643709898ee4c014659d8f85c0480643
|
|
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
* Added AArch32 specific SMC function.
* Added semihosting support.
* Added reporting of unhandled exceptions.
* Added uniprocessor stack support.
* Added `el3_entrypoint_common` macro that can be
shared by BL1 and BL32 (SP_MIN) BL stages. The
`el3_entrypoint_common` is similar to the AArch64
counterpart with the main difference in the assembly
instructions and the registers that are relevant to
AArch32 execution state.
* Enabled `LOAD_IMAGE_V2` flag in Makefile for
`ARCH=aarch32` and added check to make sure that
platform has not overridden to disable it.
Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
|
|
This patch adds capability to load BL images based on image
descriptors instead of hard coded way of loading BL images.
This framework is designed such that it can be readily adapted
by any BL stage that needs to load images.
In order to provide the above capability the following new
platform functions are introduced:
bl_load_info_t *plat_get_bl_image_load_info(void);
This function returns pointer to the list of images that the
platform has populated to load.
bl_params_t *plat_get_next_bl_params(void);
This function returns a pointer to the shared memory that the
platform has kept aside to pass trusted firmware related
information that next BL image needs.
void plat_flush_next_bl_params(void);
This function flushes to main memory all the params that
are passed to next image.
int bl2_plat_handle_post_image_load(unsigned int image_id)
This function can be used by the platforms to update/use
image information for given `image_id`.
`desc_image_load.c` contains utility functions which can be used
by the platforms to generate, load and executable, image list
based on the registered image descriptors.
This patch also adds new version of `load_image/load_auth_image`
functions in-order to achieve the above capability.
Following are the changes for the new version as compared to old:
- Refactor the signature and only keep image_id and image_info_t
arguments. Removed image_base argument as it is already passed
through image_info_t. Given that the BL image base addresses and
limit/size are already provided by the platforms, the meminfo_t
and entry_point_info arguments are not needed to provide/reserve
the extent of free memory for the given BL image.
- Added check for the image size against the defined max size.
This is needed because the image size could come from an
unauthenticated source (e.g. the FIP header).
To make this check, new member is added to the image_info_t
struct for identifying the image maximum size.
New flag `LOAD_IMAGE_V2` is added in the Makefile.
Default value is 0.
NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when
`LOAD_IMAGE_V2` is enabled.
Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
|
|
This patch adds support for NODE_HW_STATE PSCI API by introducing a new
PSCI platform hook (get_node_hw_state). The implementation validates
supplied arguments, and then invokes this platform-defined hook and
returns its result to the caller. PSCI capabilities are updated
accordingly.
Also updates porting and firmware design guides.
Change-Id: I808e55bdf0c157002a7c104b875779fe50a68a30
|
|
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
|
|
This patch adds following optional PSCI STAT functions:
- PSCI_STAT_RESIDENCY: This call returns the amount of time spent
in power_state in microseconds, by the node represented by the
`target_cpu` and the highest level of `power_state`.
- PSCI_STAT_COUNT: This call returns the number of times a
`power_state` has been used by the node represented by the
`target_cpu` and the highest power level of `power_state`.
These APIs provides residency statistics for power states that has
been used by the platform. They are implemented according to v1.0
of the PSCI specification.
By default this optional feature is disabled in the PSCI
implementation. To enable it, set the boolean flag
`ENABLE_PSCI_STAT` to 1. This also sets `ENABLE_PMF` to 1.
Change-Id: Ie62e9d37d6d416ccb1813acd7f616d1ddd3e8aff
|
|
Allow dynamic overriding of ROTPK verification
|
|
A production ROM with TBB enabled must have the ability to boot test software
before a real ROTPK is deployed (e.g. manufacturing mode). Previously the
function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed.
This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags`
parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK
in certificate is used without verifying against the platform value.
Fixes ARM-software/tf-issues#381
Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb
|
|
* Move stdlib header files from include/stdlib to include/lib/stdlib for
consistency with other library headers.
* Fix checkpatch paths to continue excluding stdlib files.
* Create stdlib.mk to define the stdlib source files and include directories.
* Include stdlib.mk from the top level Makefile.
* Update stdlib header path in the fip_create Makefile.
* Update porting-guide.md with the new paths.
Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa
|
|
This patch adds a new optional platform hook `pwr_domain_pwr_down_wfi()` in
the plat_psci_ops structure. This hook allows the platform to perform platform
specific actions including the wfi invocation to enter powerdown. This hook
is invoked by both psci_do_cpu_off() and psci_cpu_suspend_start() functions.
The porting-guide.md is also updated for the same.
This patch also modifies the `psci_power_down_wfi()` function to invoke
`plat_panic_handler` incase of panic instead of the busy while loop.
Fixes ARM-Software/tf-issues#375
Change-Id: Iba104469a1445ee8d59fb3a6fdd0a98e7f24dfa3
|
|
Added plat_get_syscnt_freq2, which is a 32 bit variant of the 64 bit
plat_get_syscnt_freq. The old one has been flagged as deprecated.
Common code has been updated to use this new version. Porting guide
has been updated.
Change-Id: I9e913544926c418970972bfe7d81ee88b4da837e
|
|
Emmc v3
|
|
Add MAX_IO_BLOCK_DEVICES in porting guide. It's necessary to define
this macro to support io block device. With this macro, multiple
block devices could be opened at the same time. Each block device
stores its own state.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
|
|
The translation table library code has moved from lib/aarch64/ to
lib/xlat_tables/ since commit 3ca9928df but the Porting Guide still
points to the old location. This patch fixes this issue.
Change-Id: I983a9a100d70eacf6bac71725ffbb4bb5f3732b0
|
|
It is up to the platform to implement the new plat_crash_print_regs macro to
report all relevant platform registers helpful for troubleshooting.
plat_crash_print_regs merges or calls previously defined plat_print_gic_regs
and plat_print_interconnect_regs macros for each existing platforms.
NOTE: THIS COMMIT REQUIRES ALL PLATFORMS THAT ENABLE THE `CRASH_REPORTING`
BUILD FLAG TO MIGRATE TO USE THE NEW `plat_crash_print_regs()` MACRO. BY
DEFAULT, `CRASH_REPORTING` IS ENABLED IN DEBUG BUILDS FOR ALL PLATFORMS.
Fixes: arm-software/tf-issues#373
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
|
|
Rename BL33_BASE and make it work with RESET_TO_BL31
|
|
To avoid confusion the build option BL33_BASE has been renamed to
PRELOADED_BL33_BASE, which is more descriptive of what it does and
doesn't get mistaken by similar names like BL32_BASE that work in a
completely different way.
NOTE: PLATFORMS USING BUILD OPTION `BL33_BASE` MUST CHANGE TO THE NEW
BUILD OPTION `PRELOADED_BL33_BASE`.
Change-Id: I658925ebe95406edf0325f15aa1752e1782aa45b
|
|
TBB NVcounter support
|
|
Modify return type of plat_get_ns_image_entrypoint()
|
|
This patch modifies the return type of the platform API
`plat_get_ns_image_entrypoint()` from `unsigned long` to
`uintptr_t` in accordance with the coding guidelines.
Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca
|
|
lib/aarch64/xlat_helpers.c defines helper functions to build
translation descriptors, but no common code or upstream platform
port uses them. As the rest of the xlat_tables code evolves, there
may be conflicts with these helpers, therefore this code should be
removed.
Change-Id: I9f5be99720f929264818af33db8dada785368711
|
|
This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.
The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.
** NEW PLATFORM APIs (mandatory when TBB is enabled) **
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
This API returns the non-volatile counter value stored
in the platform. The cookie in the first argument may be
used to select the counter in case the platform provides
more than one (i.e. TBSA compliant platforms must provide
trusted and non-trusted counters). This cookie is specified
in the CoT.
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
This API sets a new counter value. The cookie may be
used to select the counter to be updated.
An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.
** IMPORTANT **
THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.
Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
|
|
Enable preloaded BL33 alternative boot flow
|
|
The Firmware Design document is meant to provide a general overview
of the Trusted Firmware code. Although it is useful to provide some
guidance around the responsibilities of the platform layer, it should
not provide too much platform specific implementation details. Right
now, some sections are too tied to the implementation on ARM
platforms. This makes the Firmware Design document harder to digest.
This patch simplifies this aspect of the Firmware Design document.
The sections relating the platform initialisations performed by the
different BL stages have been simplified and the extra details about
the ARM platforms implementation have been moved to the Porting Guide
when appropriate.
This patch also provides various documentation fixes and additions
in the Firmware Design and Platform Porting Guide. In particular:
- Update list of SMCs supported by BL1.
- Remove MMU setup from architectural inits, as it is actually
performed by platform code.
- Similarly, move runtime services initialisation, BL2 image
initialization and BL33 execution out of the platform
initialisation paragraph.
- List SError interrupt unmasking as part of BL1 architectural
initialization.
- Mention Trusted Watchdog enabling in BL1 on ARM platforms.
- Fix order of steps in "BL2 image load and execution" section.
- Refresh section about GICv3/GICv2 drivers initialisation on
ARM platforms.
Change-Id: I32113c4ffdc26687042629cd8bbdbb34d91e3c14
|
|
Added a new platform porting function plat_panic_handler, to allow
platforms to handle unexpected error situations. It must be
implemented in assembly as it may be called before the C environment
is initialized. A default implementation is provided, which simply
spins.
Corrected all dead loops in generic code to call this function
instead. This includes the dead loop that occurs at the end of the
call to panic().
All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have
been removed.
Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
|
|
Porting guide: Clarify API that don't follow AAPCS
|
|
This patch clarifies a porting API in the Porting Guide that do not
follow the ARM Architecture Program Calling Standards (AAPCS). The
list of registers that are allowed to be clobbered by this API has
been updated in the Porting Guide.
Fixes ARM-software/tf-issues#259
Change-Id: Ibf2adda2e1fb3e9b8f53d8a918d5998356eb8fce
|
|
Enable alternative boot flow where BL2 does not load BL33 from
non-volatile storage, and BL31 hands execution over to a preloaded
BL33.
The flag used to enable this bootflow is BL33_BASE, which must hold
the entrypoint address of the BL33 image. The User Guide has been
updated with an example of how to use this option with a bootwrapped
kernel.
Change-Id: I48087421a7b0636ac40dca7d457d745129da474f
|
|
Pl061 gpio v5
|
|
ARM PL061 GPIO driver requires the "PLAT_PL061_MAX_GPIOS" definition.
By default, it's defined to 32 in PL061 GPIO driver. If user wants
more PL061 controllers in platform, user should define the build
flag in platform.mk instead.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
|
|
Porting Guide: Clarify identity-mapping requirement
|
|
Disable PL011 UART before configuring it
|
|
The memory translation library in Trusted Firmware supports
non-identity mappings for Physical to Virtual addresses since commit
f984ce84ba. However, the porting guide hasn't been updated
accordingly and still mandates the platform ports to use
identity-mapped page tables for all addresses.
This patch removes this out-dated information from the Porting Guide
and clarifies in which circumstances non-identity mapping may safely
be used.
Fixes ARM-software/tf-issues#258
Change-Id: I84dab9f3cabfc43794951b1828bfecb13049f706
|
|
The PL011 TRM (ARM DDI 0183G) specifies that the UART must be
disabled before any of the control registers are programmed. The
PL011 driver included in TF does not disable the UART, so the
initialization in BL2 and BL31 is violating this requirement
(and potentially in BL1 if the UART is enabled after reset).
This patch modifies the initialization function in the PL011
console driver to disable the UART before programming the
control registers.
Register clobber list and documentation updated.
Fixes ARM-software/tf-issues#300
Change-Id: I839b2d681d48b03f821ac53663a6a78e8b30a1a1
|
|
Update doc links in the porting guide
|
|
GIC v2 and v3 specification references in the porting guide
should refer to publically visible links, not ARM internal links.
Change-Id: Ib47c8adda6a03581f23bcaed72d71c08c7dd9fb1
Signed-off-by: Yuping Luo <yuping.luo@arm.com>
|
|
Migrate all direct usage of __attribute__ to usage of their
corresponding macros from cdefs.h.
e.g.:
- __attribute__((unused)) -> __unused
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
|
|
This patch adds a brief description of 'MAX_MMAP_REGIONS' and
'ADDR_SPACE_SIZE' to the Porting Guide. These fields must be defined
by the platform in order to use the translation table library.
Change-Id: Ida366458fe2bc01979091a014dc38da0fae5991e
|
|
Change-Id: I6f49bd779f2a4d577c6443dd160290656cdbc59b
|
|
This patch adds design documentation for the Firmware Update (FWU)
feature in `firmware-update.md`. It provides an overview of FWU,
describes the BL1 SMC interface, and includes diagrams showing
an example FWU boot flow and the FWU state machine.
This patch also updates the existing TF documents where needed:
* `porting-guide.md`
* `user-guide.md`
* `firmware-design.md`
* `rt-svc-writers-guide.md`
* `trusted_board_boot.md`
Change-Id: Ie6de31544429b18f01327bd763175e218299a4ce
Co-Authored-By: Dan Handley <dan.handley@arm.com>
|
|
This patch updates the relevant documentation in ARM Trusted Firmware
for the new GIC drivers. The user-guide.md and porting-guide.md have been
updated as follows:
* The build option to compile Trusted Firmware with different GIC drivers
for FVP has been explained in the user-guide.md.
* The implementation details of interrupt management framework porting
APIs for GICv3 have been added in porting-guide.md.
* The Linaro tracking kernel release does not work OOB in GICv3 mode.
The instructions for changing UEFI configuration in order to run with
the new GICv3 driver in ARM TF have been added to user-guide.md.
The interrupt-framework-design.md has been updated as follows:
* Describes support for registering and handling interrupts targeted to EL3
e.g. Group 0 interrupts in GICv3.
* Describes the build option `TSP_NS_INTR_ASYNC_PREEMPT` in detail.
* Describes preemption of TSP in S-EL1 by non secure interrupts and
also possibly by higher priority EL3 interrupts.
* Describes the normal world sequence for issuing `standard` SMC calls.
* Modifies the document to correspond to the current state of interrupt
handling in TSPD and TSP.
* Modifies the various functions names in the document to reflect
the current names used in code.
Change-Id: I78c9514b5be834f193405aad3c1752a4a9e27a6c
|
|
This patch removes the dash character from the image name, to
follow the image terminology in the Trusted Firmware Wiki page:
https://github.com/ARM-software/arm-trusted-firmware/wiki
Changes apply to output messages, comments and documentation.
non-ARM platform files have been left unmodified.
Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
|
|
This patch replaces all references to the SCP Firmware (BL0, BL30,
BL3-0, bl30) with the image terminology detailed in the TF wiki
(https://github.com/ARM-software/arm-trusted-firmware/wiki):
BL0 --> SCP_BL1
BL30, BL3-0 --> SCP_BL2
bl30 --> scp_bl2
This change affects code, documentation, build system, tools and
platform ports that load SCP firmware. ARM plaforms have been
updated to the new porting API.
IMPORTANT: build option to specify the SCP FW image has changed:
BL30 --> SCP_BL2
IMPORTANT: This patch breaks compatibility for platforms that use BL2
to load SCP firmware. Affected platforms must be updated as follows:
BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
BL30_BASE --> SCP_BL2_BASE
bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
|
|
This patch applies the TBBR naming convention to the certificates
and the corresponding extensions defined by the CoT:
* Certificate UUID names
* Certificate identifier names
* OID names
Changes apply to:
* Generic code (variables and defines)
* The default certificate identifiers provided in the generic
code
* Build system
* ARM platforms port
* cert_create tool internal definitions
* fip_create and cert_create tools command line options
* Documentation
IMPORTANT: this change breaks the compatibility with platforms
that use TBBR. The platform will need to adapt the identifiers
and OIDs to the TBBR naming convention introduced by this patch:
Certificate UUIDs:
UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
Certificate identifiers:
BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
OIDs:
TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
BL30_HASH_OID --> SCP_FW_HASH_OID
BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
BL31_HASH_OID --> SOC_AP_FW_HASH_OID
BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
NS_BL2U_HASH_OID --> FWU_HASH_OID
Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
|
|
This patch overrides the default weak definition of
`bl31_plat_runtime_setup()` for ARM Standard platforms to
specify a BL31 runtime console. ARM Standard platforms are
now expected to define `PLAT_ARM_BL31_RUN_UART_BASE` and
`PLAT_ARM_BL31_RUN_UART_CLK_IN_HZ` macros which is required
by `arm_bl31_plat_runtime_setup()` to initialize the runtime
console.
The system suspend resume helper `arm_system_pwr_domain_resume()`
is fixed to initialize the runtime console rather than the boot
console on resumption from system suspend.
Fixes ARM-software/tf-issues#220
Change-Id: I80eafe5b6adcfc7f1fdf8b99659aca1c64d96975
|
|
It is not ideal for BL31 to continue to use boot console at
runtime which could be potentially uninitialized. This patch
introduces a new optional platform porting API
`bl31_plat_runtime_setup()` which allows the platform to perform
any BL31 runtime setup just prior to BL31 exit during cold boot.
The default weak implementation of this function will invoke
`console_uninit()` which will suppress any BL31 runtime logs.
On the ARM Standard platforms, there is an anomaly that
the boot console will be reinitialized on resumption from
system suspend in `arm_system_pwr_domain_resume()`. This
will be resolved in the following patch.
NOTE: The default weak definition of `bl31_plat_runtime_setup()`
disables the BL31 console. To print the BL31 runtime
messages, platforms must override this API and initialize a
runtime console.
Fixes ARM-software/tf-issues#328
Change-Id: Ibaf8346fcceb447fe1a5674094c9f8eb4c09ac4a
|
|
Add support to boot EL3 payloads and only a single CPU at cold reset
|
|
This patch introduces a new build option named COLD_BOOT_SINGLE_CPU,
which allows platforms that only release a single CPU out of reset to
slightly optimise their cold boot code, both in terms of code size
and performance.
COLD_BOOT_SINGLE_CPU defaults to 0, which assumes that the platform
may release several CPUs out of reset. In this case, the cold reset
code needs to coordinate all CPUs via the usual primary/secondary
CPU distinction.
If a platform guarantees that only a single CPU will ever be released
out of reset, there is no need to arbitrate execution ; the notion of
primary and secondary CPUs itself no longer exists. Such platforms
may set COLD_BOOT_SINGLE_CPU to 1 in order to compile out the
primary/secondary CPU identification in the cold reset code.
All ARM standard platforms can release several CPUs out of reset
so they use COLD_BOOT_SINGLE_CPU=0. However, on CSS platforms like
Juno, bringing up more than one CPU at reset should only be attempted
when booting an EL3 payload, as it is not fully supported in the
normal boot flow.
For platforms using COLD_BOOT_SINGLE_CPU=1, the following 2 platform
APIs become optional:
- plat_secondary_cold_boot_setup();
- plat_is_my_cpu_primary().
The Porting Guide has been updated to reflect that.
User Guide updated as well.
Change-Id: Ic5b474e61b7aec1377d1e0b6925d17dfc376c46b
|
|
Normally, in the FVP port, secondary CPUs are immediately powered
down if they are powered on at reset. However, when booting an EL3
payload, we need to keep them powered on as the requirement is for
all CPUs to enter the EL3 payload image. This patch puts them in a
holding pen instead of powering them off.
Change-Id: I6526a88b907a0ddb820bead72f1d350a99b1692c
|
|
This patch adds support for booting EL3 payloads on CSS platforms,
for example Juno. In this scenario, the Trusted Firmware follows
its normal boot flow up to the point where it would normally pass
control to the BL31 image. At this point, it jumps to the EL3
payload entry point address instead.
Before handing over to the EL3 payload, the data SCP writes for AP
at the beginning of the Trusted SRAM is restored, i.e. we zero the
first 128 bytes and restore the SCP Boot configuration. The latter
is saved before transferring the BL30 image to SCP and is restored
just after the transfer (in BL2). The goal is to make it appear that
the EL3 payload is the first piece of software to run on the target.
The BL31 entrypoint info structure is updated to make the primary
CPU jump to the EL3 payload instead of the BL31 image.
The mailbox is populated with the EL3 payload entrypoint address,
which releases the secondary CPUs out of their holding pen (if the
SCP has powered them on). The arm_program_trusted_mailbox() function
has been exported for this purpose.
The TZC-400 configuration in BL2 is simplified: it grants secure
access only to the whole DRAM. Other security initialization is
unchanged.
This alternative boot flow is disabled by default. A new build option
EL3_PAYLOAD_BASE has been introduced to enable it and provide the EL3
payload's entry point address. The build system has been modified
such that BL31 and BL33 are not compiled and/or not put in the FIP in
this case, as those images are not used in this boot flow.
Change-Id: Id2e26fa57988bbc32323a0effd022ab42f5b5077
|
