Commit ef42c3b0 authored by Martin Kepplinger's avatar Martin Kepplinger

Merge branch 'librem5_bump_2.2' into 'librem5'

Librem5 bump to 2.2 tag

See merge request !3
parents c2479040 3995084d
......@@ -43,6 +43,10 @@
# Commit messages might contain a Gerrit Change-Id.
--ignore GERRIT_CHANGE_ID
# Do not check the format of commit messages, as Gerrit's merge commits do not
# preserve it.
--ignore GIT_COMMIT_ID
# FILE_PATH_CHANGES reports this kind of message:
# "added, moved or deleted file(s), does MAINTAINERS need updating?"
# We do not use this MAINTAINERS file process in TF.
......
#
# Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2017-2019, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
# ARM Trusted Firmware Coding style spec for editors.
# Trusted Firmware-A Coding style spec for editors.
# References:
# [EC] http://editorconfig.org/
# [CONT] contributing.rst
# [LCS] Linux Coding Style
# (https://www.kernel.org/doc/html/v4.10/process/coding-style.html)
# [PEP8] Style Guide for Python Code
# (https://www.python.org/dev/peps/pep-0008)
root = true
......@@ -52,11 +54,19 @@ tab_width = 8
trim_trailing_whitespace = true
# Adjustment for existing .rst files with different format
[*.{rst,md}]
# Adjustment for ReStructuredText (RST) documentation
[*.{rst}]
indent_size = 4
indent_style = space
max_line_length = 180
# 180 only selected to prevent changes to existing text.
tab_width = 4
# Adjustment for python which prefers a different style
[*.py]
# [PEP8] Indentation
# "Use 4 spaces per indentation level."
indent_size = 4
indent_style = space
# [PEP8] Maximum Line Length
# "Limit all lines to a maximum of 79 characters."
max_line_length = 79
......@@ -22,7 +22,7 @@ tools/cert_create/src/**/*.o
tools/cert_create/cert_create
tools/cert_create/cert_create.exe
tools/marvell/doimage/doimage
tools/meson/doimage
tools/amlogic/doimage
tools/stm32image/*.o
tools/stm32image/stm32image
tools/stm32image/stm32image.exe
......
......@@ -8,7 +8,7 @@
# Trusted Firmware Version
#
VERSION_MAJOR := 2
VERSION_MINOR := 1
VERSION_MINOR := 2
# Default goal is build all images
.DEFAULT_GOAL := all
......@@ -141,6 +141,15 @@ else
$(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
endif
# USE_SPINLOCK_CAS requires AArch64 build
ifeq (${USE_SPINLOCK_CAS},1)
ifneq (${ARCH},aarch64)
$(error USE_SPINLOCK_CAS requires AArch64)
else
$(info USE_SPINLOCK_CAS is an experimental feature)
endif
endif
################################################################################
# Toolchain
################################################################################
......@@ -256,9 +265,14 @@ WARNINGS += -Wunused -Wno-unused-parameter \
-Wvla
ifeq ($(findstring clang,$(notdir $(CC))),)
# not using clang
WARNINGS += -Wunused-but-set-variable \
-Wmaybe-uninitialized \
-Wpacked-bitfield-compat
-Wpacked-bitfield-compat \
-Wshift-overflow=2
else
# using clang
WARNINGS += -Wshift-overflow -Wshift-sign-overflow
endif
ifneq (${E},0)
......@@ -268,12 +282,19 @@ endif
CPPFLAGS = ${DEFINES} ${INCLUDES} ${MBEDTLS_INC} -nostdinc \
-Wmissing-include-dirs $(ERRORS) $(WARNINGS)
ASFLAGS += $(CPPFLAGS) $(ASFLAGS_$(ARCH)) \
-D__ASSEMBLY__ -ffreestanding \
-Wa,--fatal-warnings
-ffreestanding -Wa,--fatal-warnings
TF_CFLAGS += $(CPPFLAGS) $(TF_CFLAGS_$(ARCH)) \
-ffreestanding -fno-builtin -Wall -std=gnu99 \
-Os -ffunction-sections -fdata-sections
ifeq (${SANITIZE_UB},on)
TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover
endif
ifeq (${SANITIZE_UB},trap)
TF_CFLAGS += -fsanitize=undefined -fno-sanitize-recover \
-fsanitize-undefined-trap-on-error
endif
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
ifneq ($(findstring armlink,$(notdir $(LD))),)
......@@ -309,6 +330,10 @@ ifeq ($(notdir $(CC)),armclang)
BL_COMMON_SOURCES += lib/${ARCH}/armclang_printf.S
endif
ifeq (${SANITIZE_UB},on)
BL_COMMON_SOURCES += plat/common/ubsan.c
endif
INCLUDES += -Iinclude \
-Iinclude/arch/${ARCH} \
-Iinclude/lib/cpus/${ARCH} \
......@@ -506,13 +531,20 @@ ifeq ($(ENABLE_BTI),1)
$(info Branch Protection is an experimental feature)
endif
ifeq ($(CTX_INCLUDE_MTE_REGS),1)
ifneq (${ARCH},aarch64)
$(error CTX_INCLUDE_MTE_REGS requires AArch64)
else
$(info CTX_INCLUDE_MTE_REGS is an experimental feature)
endif
endif
################################################################################
# Process platform overrideable behaviour
################################################################################
# Using the ARM Trusted Firmware BL2 implies that a BL33 image also needs to be
# supplied for the FIP and Certificate generation tools. This flag can be
# overridden by the platform.
# Using BL2 implies that a BL33 image also needs to be supplied for the FIP and
# Certificate generation tools. This flag can be overridden by the platform.
ifdef BL2_SOURCES
ifdef EL3_PAYLOAD_BASE
# If booting an EL3 payload there is no need for a BL33 image
......@@ -628,6 +660,7 @@ $(eval $(call assert_boolean,CREATE_KEYS))
$(eval $(call assert_boolean,CTX_INCLUDE_AARCH32_REGS))
$(eval $(call assert_boolean,CTX_INCLUDE_FPREGS))
$(eval $(call assert_boolean,CTX_INCLUDE_PAUTH_REGS))
$(eval $(call assert_boolean,CTX_INCLUDE_MTE_REGS))
$(eval $(call assert_boolean,DEBUG))
$(eval $(call assert_boolean,DYN_DISABLE_AUTH))
$(eval $(call assert_boolean,EL3_EXCEPTION_HANDLING))
......@@ -665,11 +698,21 @@ $(eval $(call assert_boolean,USE_TBBR_DEFS))
$(eval $(call assert_boolean,WARMBOOT_ENABLE_DCACHE_EARLY))
$(eval $(call assert_boolean,BL2_AT_EL3))
$(eval $(call assert_boolean,BL2_IN_XIP_MEM))
$(eval $(call assert_boolean,BL2_INV_DCACHE))
$(eval $(call assert_boolean,USE_SPINLOCK_CAS))
$(eval $(call assert_numeric,ARM_ARCH_MAJOR))
$(eval $(call assert_numeric,ARM_ARCH_MINOR))
$(eval $(call assert_numeric,BRANCH_PROTECTION))
ifdef KEY_SIZE
$(eval $(call assert_numeric,KEY_SIZE))
endif
ifeq ($(filter $(SANITIZE_UB), on off trap),)
$(error "Invalid value for SANITIZE_UB: can be one of on, off, trap")
endif
################################################################################
# Add definitions to the cpp preprocessor based on the current build options.
# This is done after including the platform specific makefile to allow the
......@@ -683,6 +726,7 @@ $(eval $(call add_define,CTX_INCLUDE_AARCH32_REGS))
$(eval $(call add_define,CTX_INCLUDE_FPREGS))
$(eval $(call add_define,CTX_INCLUDE_PAUTH_REGS))
$(eval $(call add_define,EL3_EXCEPTION_HANDLING))
$(eval $(call add_define,CTX_INCLUDE_MTE_REGS))
$(eval $(call add_define,ENABLE_AMU))
$(eval $(call add_define,ENABLE_ASSERTIONS))
$(eval $(call add_define,ENABLE_BTI))
......@@ -720,6 +764,12 @@ $(eval $(call add_define,USE_TBBR_DEFS))
$(eval $(call add_define,WARMBOOT_ENABLE_DCACHE_EARLY))
$(eval $(call add_define,BL2_AT_EL3))
$(eval $(call add_define,BL2_IN_XIP_MEM))
$(eval $(call add_define,BL2_INV_DCACHE))
$(eval $(call add_define,USE_SPINLOCK_CAS))
ifeq (${SANITIZE_UB},trap)
$(eval $(call add_define,MONITOR_TRAPS))
endif
# Define the EL3_PAYLOAD_BASE flag only if it is provided.
ifdef EL3_PAYLOAD_BASE
......@@ -731,12 +781,6 @@ else
$(eval $(call add_define,PRELOADED_BL33_BASE))
endif
endif
# Define the AARCH32/AARCH64 flag based on the ARCH flag
ifeq (${ARCH},aarch32)
$(eval $(call add_define,AARCH32))
else
$(eval $(call add_define,AARCH64))
endif
# Define the DYN_DISABLE_AUTH flag only if set.
ifeq (${DYN_DISABLE_AUTH},1)
......@@ -759,14 +803,22 @@ all: msg_start
msg_start:
@echo "Building ${PLAT}"
# Check if deprecated declarations and cpp warnings should be treated as error or not.
ifeq (${ERROR_DEPRECATED},0)
# Check if deprecated declarations and cpp warnings should be treated as error or not.
ifneq ($(findstring clang,$(notdir $(CC))),)
CPPFLAGS += -Wno-error=deprecated-declarations
else
CPPFLAGS += -Wno-error=deprecated-declarations -Wno-error=cpp
endif
# __ASSEMBLY__ is deprecated in favor of the compiler-builtin __ASSEMBLER__.
ASFLAGS += -D__ASSEMBLY__
# AARCH32/AARCH64 macros are deprecated in favor of the compiler-builtin __aarch64__.
ifeq (${ARCH},aarch32)
$(eval $(call add_define,AARCH32))
else
$(eval $(call add_define,AARCH64))
endif
endif # !ERROR_DEPRECATED
$(eval $(call MAKE_LIB_DIRS))
$(eval $(call MAKE_LIB,c))
......
......@@ -102,7 +102,7 @@ static void flush_smc_and_cpu_ctx(void)
******************************************************************************/
void bl1_prepare_next_image(unsigned int image_id)
{
unsigned int security_state;
unsigned int security_state, mode = MODE32_svc;
image_desc_t *image_desc;
entry_point_info_t *next_bl_ep;
......@@ -117,20 +117,13 @@ void bl1_prepare_next_image(unsigned int image_id)
security_state = GET_SECURITY_STATE(next_bl_ep->h.attr);
/* Prepare the SPSR for the next BL image. */
if (security_state == SECURE) {
next_bl_ep->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM,
SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS);
} else {
/* Use HYP mode if supported else use SVC. */
if (GET_VIRT_EXT(read_id_pfr1())) {
next_bl_ep->spsr = SPSR_MODE32(MODE32_hyp, SPSR_T_ARM,
SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS);
} else {
next_bl_ep->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM,
SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS);
}
if ((security_state != SECURE) && (GET_VIRT_EXT(read_id_pfr1()))) {
mode = MODE32_hyp;
}
next_bl_ep->spsr = SPSR_MODE32(mode, SPSR_T_ARM,
SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS);
/* Allow platform to make change */
bl1_plat_set_ep_info(image_id, next_bl_ep);
......
/*
* Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
......@@ -23,7 +23,7 @@ void bl1_arch_setup(void)
******************************************************************************/
void bl1_arch_next_el_setup(void)
{
unsigned long next_sctlr;
u_register_t next_sctlr;
/* Use the same endianness than the current BL */
next_sctlr = (read_sctlr_el3() & SCTLR_EE_BIT);
......
......@@ -42,7 +42,7 @@ void cm_set_context(void *context, uint32_t security_state)
******************************************************************************/
void bl1_prepare_next_image(unsigned int image_id)
{
unsigned int security_state;
unsigned int security_state, mode = MODE_EL1;
image_desc_t *image_desc;
entry_point_info_t *next_bl_ep;
......@@ -73,20 +73,13 @@ void bl1_prepare_next_image(unsigned int image_id)
cm_set_context(&bl1_cpu_context[security_state], security_state);
/* Prepare the SPSR for the next BL image. */
if (security_state == SECURE) {
next_bl_ep->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
DISABLE_ALL_EXCEPTIONS);
} else {
/* Use EL2 if supported; else use EL1. */
if (el_implemented(2) != EL_IMPL_NONE) {
next_bl_ep->spsr = SPSR_64(MODE_EL2, MODE_SP_ELX,
DISABLE_ALL_EXCEPTIONS);
} else {
next_bl_ep->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
DISABLE_ALL_EXCEPTIONS);
}
if ((security_state != SECURE) && (el_implemented(2) != EL_IMPL_NONE)) {
mode = MODE_EL2;
}
next_bl_ep->spsr = SPSR_64(mode, MODE_SP_ELX,
DISABLE_ALL_EXCEPTIONS);
/* Allow platform to make change */
bl1_plat_set_ep_info(image_id, next_bl_ep);
......
......@@ -38,15 +38,12 @@ func bl1_entrypoint
*/
bl bl1_setup
#if ENABLE_PAUTH
/* --------------------------------------------------------------------
* Enable pointer authentication
* Program APIAKey_EL1 and enable pointer authentication.
* --------------------------------------------------------------------
*/
#if ENABLE_PAUTH
mrs x0, sctlr_el3
orr x0, x0, #SCTLR_EnIA_BIT
msr sctlr_el3, x0
isb
bl pauth_init_enable_el3
#endif /* ENABLE_PAUTH */
/* --------------------------------------------------------------------
......@@ -56,16 +53,12 @@ func bl1_entrypoint
*/
bl bl1_main
#if ENABLE_PAUTH
/* --------------------------------------------------------------------
* Disable pointer authentication before jumping to BL31 or that will
* cause an authentication failure during the early platform init.
* Disable pointer authentication before jumping to next boot image.
* --------------------------------------------------------------------
*/
#if ENABLE_PAUTH
mrs x0, sctlr_el3
bic x0, x0, #SCTLR_EnIA_BIT
msr sctlr_el3, x0
isb
bl pauth_disable_el3
#endif /* ENABLE_PAUTH */
/* --------------------------------------------------
......
/*
* Copyright (c) 2013-2018, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
......@@ -164,7 +164,7 @@ func smc_handler64
* ----------------------------------------------
*/
ldr x30, [sp, #CTX_EL3STATE_OFFSET + CTX_RUNTIME_SP]
msr spsel, #0
msr spsel, #MODE_SP_EL0
mov sp, x30
/* ---------------------------------------------------------------------
......@@ -217,12 +217,24 @@ unexpected_sync_exception:
*/
smc_handler:
/* -----------------------------------------------------
* Save the GP registers x0-x29.
* Save x0-x29 and ARMv8.3-PAuth (if enabled) registers.
* If Secure Cycle Counter is not disabled in MDCR_EL3
* when ARMv8.5-PMU is implemented, save PMCR_EL0 and
* disable Cycle Counter.
* TODO: Revisit to store only SMCCC specified registers.
* -----------------------------------------------------
*/
bl save_gp_registers
bl save_gp_pmcr_pauth_regs
#if ENABLE_PAUTH
/* -----------------------------------------------------
* Load and program stored APIAKey firmware key.
* Re-enable pointer authentication in EL3, as it was
* disabled before jumping to the next boot image.
* -----------------------------------------------------
*/
bl pauth_load_bl1_apiakey_enable
#endif
/* -----------------------------------------------------
* Populate the parameters for the SMC handler. We
* already have x0-x4 in place. x5 will point to a
......@@ -247,7 +259,7 @@ smc_handler:
* Switch back to SP_EL0 for the C runtime stack.
* ---------------------------------------------
*/
msr spsel, #0
msr spsel, #MODE_SP_EL0
mov sp, x12
/* -----------------------------------------------------
......
......@@ -483,7 +483,7 @@ static int bl1_fwu_image_auth(unsigned int image_id,
* Flush image_info to memory so that other
* secure world images can see changes.
*/
flush_dcache_range((unsigned long)&image_desc->image_info,
flush_dcache_range((uintptr_t)&image_desc->image_info,
sizeof(image_info_t));
INFO("BL1-FWU: Authentication was successful\n");
......@@ -520,7 +520,7 @@ static int bl1_fwu_image_execute(unsigned int image_id,
INFO("BL1-FWU: Executing Secure image\n");
#ifdef AARCH64
#ifdef __aarch64__
/* Save NS-EL1 system registers. */
cm_el1_sysregs_context_save(NON_SECURE);
#endif
......@@ -531,7 +531,7 @@ static int bl1_fwu_image_execute(unsigned int image_id,
/* Update the secure image id. */
sec_exec_image_id = image_id;
#ifdef AARCH64
#ifdef __aarch64__
*handle = cm_get_context(SECURE);
#else
*handle = smc_get_ctx(SECURE);
......@@ -584,7 +584,7 @@ static register_t bl1_fwu_image_resume(register_t image_param,
INFO("BL1-FWU: Resuming %s world context\n",
(resume_sec_state == SECURE) ? "secure" : "normal");
#ifdef AARCH64
#ifdef __aarch64__
/* Save the EL1 system registers of calling world. */
cm_el1_sysregs_context_save(caller_sec_state);
......@@ -641,7 +641,7 @@ static int bl1_fwu_sec_image_done(void **handle, unsigned int flags)
sec_exec_image_id = INVALID_IMAGE_ID;
INFO("BL1-FWU: Resuming Normal world context\n");
#ifdef AARCH64
#ifdef __aarch64__
/*
* Secure world is done so no need to save the context.
* Just restore the Non-Secure context.
......
......@@ -9,6 +9,7 @@
#include <platform_def.h>
#include <arch.h>
#include <arch_features.h>
#include <arch_helpers.h>
#include <bl1/bl1.h>
#include <common/bl_common.h>
......@@ -30,6 +31,10 @@ DEFINE_SVC_UUID2(bl1_svc_uid,
static void bl1_load_bl2(void);
#if ENABLE_PAUTH
uint64_t bl1_apiakey[2];
#endif
/*******************************************************************************
* Helper utility to calculate the BL2 memory layout taking into consideration
* the BL1 RW data assuming that it is at the top of the memory layout.
......@@ -48,7 +53,7 @@ void bl1_calc_bl2_mem_layout(const meminfo_t *bl1_mem_layout,
bl2_mem_layout->total_base = bl1_mem_layout->total_base;
bl2_mem_layout->total_size = BL1_RW_BASE - bl1_mem_layout->total_base;
flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t));
flush_dcache_range((uintptr_t)bl2_mem_layout, sizeof(meminfo_t));
}
/*******************************************************************************
......@@ -59,18 +64,16 @@ void bl1_setup(void)
/* Perform early platform-specific setup */
bl1_early_platform_setup();
#ifdef AARCH64
/*
* Update pointer authentication key before the MMU is enabled. It is
* saved in the rodata section, that can be writen before enabling the
* MMU. This function must be called after the console is initialized
* in the early platform setup.
*/
bl_handle_pauth();
#endif /* AARCH64 */
/* Perform late platform-specific setup */
bl1_plat_arch_setup();
#if CTX_INCLUDE_PAUTH_REGS
/*
* Assert that the ARMv8.3-PAuth registers are present or an access
* fault will be triggered when they are being saved or restored.
*/
assert(is_armv8_3_pauth_present());
#endif /* CTX_INCLUDE_PAUTH_REGS */
}
/*******************************************************************************
......@@ -97,10 +100,10 @@ void bl1_main(void)
/*
* Ensure that MMU/Caches and coherency are turned on
*/
#ifdef AARCH32
val = read_sctlr();
#else
#ifdef __aarch64__
val = read_sctlr_el3();
#else
val = read_sctlr();
#endif
assert(val & SCTLR_M_BIT);
assert(val & SCTLR_C_BIT);
......@@ -132,6 +135,12 @@ void bl1_main(void)
/* Perform platform setup in BL1. */
bl1_platform_setup();
#if ENABLE_PAUTH
/* Store APIAKey_EL1 key */
bl1_apiakey[0] = read_apiakeylo_el1();
bl1_apiakey[1] = read_apiakeyhi_el1();
#endif /* ENABLE_PAUTH */
/* Get the image id of next image to load and run. */
image_id = bl1_plat_get_next_image_id();
......@@ -198,11 +207,11 @@ static void bl1_load_bl2(void)
******************************************************************************/
void bl1_print_next_bl_ep_info(const entry_point_info_t *bl_ep_info)
{
#ifdef AARCH32
NOTICE("BL1: Booting BL32\n");
#else
#ifdef __aarch64__
NOTICE("BL1: Booting BL31\n");
#endif /* AARCH32 */
#else
NOTICE("BL1: Booting BL32\n");
#endif /* __aarch64__ */
print_entry_point_info(bl_ep_info);
}
......
......@@ -43,22 +43,12 @@ func bl2_entrypoint
*/
bl bl2_el3_setup
/* ---------------------------------------------
* Enable pointer authentication
* ---------------------------------------------
*/
#if ENABLE_PAUTH
mrs x0, sctlr_el3
orr x0, x0, #SCTLR_EnIA_BIT
#if ENABLE_BTI
/* ---------------------------------------------
* Enable PAC branch type compatibility
* Program APIAKey_EL1 and enable pointer authentication.
* ---------------------------------------------
*/
bic x0, x0, #SCTLR_BT_BIT
#endif /* ENABLE_BTI */
msr sctlr_el3, x0
isb
bl pauth_init_enable_el3
#endif /* ENABLE_PAUTH */
/* ---------------------------------------------
......@@ -87,16 +77,13 @@ func bl2_run_next_image
tlbi alle3
bl bl2_el3_plat_prepare_exit
#if ENABLE_PAUTH
/* ---------------------------------------------
* Disable pointer authentication before jumping to BL31 or that will
* cause an authentication failure during the early platform init.
* Disable pointer authentication before jumping
* to next boot image.
* ---------------------------------------------
*/
#if ENABLE_PAUTH
mrs x0, sctlr_el3
bic x0, x0, #SCTLR_EnIA_BIT
msr sctlr_el3, x0
isb
bl pauth_disable_el3
#endif /* ENABLE_PAUTH */
ldp x0, x1, [x20, #ENTRY_POINT_INFO_PC_OFFSET]
......
......@@ -117,22 +117,13 @@ func bl2_entrypoint
mov x3, x23
bl bl2_setup
/* ---------------------------------------------
* Enable pointer authentication