| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* changes:
docs: describe the new warning levels
build: add -Wunused-const-variable=2 to W=2
build: include -Wextra in generic builds
docs(porting-guide): update a reference
fix(st-usb): replace redundant checks with asserts
fix(brcm): add braces around bodies of conditionals
fix(renesas): align incompatible function pointers
fix(zynqmp): remove redundant api_version check
fix: remove old-style declarations
fix: unify fallthrough annotations
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Compiling with -Wimplicit-fallthrough=3 (enabled by -Wextra) produces
many warnings about fallthrough comments either missing or being wrong.
Unify the comments so we comply with -Wextra.
Note that Coverity recommends against using the __attribute__ directive.
Also, zlib does not build with a higher value of -Wimplicit-fallthrough.
Finally, compilers strip comments before expanding macros. As such,
checkpatch's fallthrough annotation (or higher levels of the flag) isn't
really possible.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I060cf4f8dc04c02cbb45cf4ceb69569a8369ccee
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch discards all the used entropy bits from the global memory
pool after being delivered to the requester (lower exception levels) by
overwriting them with zeroes.
It effectively implements the requirement, as part of TRNG FW interface
listed at DEN0098 (section 1.2).
https://developer.arm.com/documentation/den0098/latest
Change-Id: I447cbccc1a8ad972418a3569c99f010189d4b2f6
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
|
| |\ \
| | |
| | |
| | | |
integration
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ensure that the correct execution state of an SP is reported
as part of an FF-A v1.1 PARTITION_INFO_GET response.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I714e53ae71c376463797a42cd5ab7a5e9c687fb7
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* changes:
docs(build): describes the SPMC_OPTEE build option
feat(qemu): support el3 spmc
feat(el3-spmc): make platform logical partition optional
feat(qemu): support s-el2 spmc
feat(qemu): update abi between spmd and spmc
fix(sptool): add dependency to SP image
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prior to this commit a logical platform specific partition is added when
compiling with SPMC at EL3. Not all platform need to add a logical
platform so make this optional.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: I3bdd2a91350330c1637e8d84765974bfb6b225d7
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* changes:
fix(tsp): use verbose for power logs
fix(el3-spmc): fix coverity scan warnings
fix(el3-spmc): improve bound check for descriptor
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Validate emad descriptor integrity before accessing.
Check for NULL pointer access.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: Id4ff3e5d88be95ca8d067378e344947880ec984b
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Ensure that there is sufficient space in the memory
descriptor to accommodate the size of the composite memory
struct as part of the descriptor.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Iea646b144c59a2a1a171298cabb5f31040a8af31
|
| |\ \ \ \
| |/ / /
|/| | |
| | | | |
it" into integration
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch also:
* Enforces the check of RES0 fields on EL3-RMM boot interface
and manifest
* Fixes a couple of nits on the EL3-RMM Boot Interface
documentation.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Idb9e38f9fcda2ba0655646a1e2c4fdbabd5cdc40
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds X2-X6 and 'smc_ret' parameters to trp_rmi_handler().
The last 'smc_ret' parameter passed in X7 contains address of
'trp_smc_result' structure on stack to return result of RMI SMC call.
This allows to preserve X4 if not used as a return argument as per
SMCCCv1.2. The patch also removes use of trp_args_t in RMI handling.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I9e3387a7380b37863eeccc53d13e92e0ac5cffbd
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* changes:
fix(el3-spmc): check descriptor size for overflow
fix(el3-spmc): fix location of fragment length check
fix(el3-spmc): fix detection of overlapping memory regions
fix(el3-spmc): fix incomplete reclaim validation
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ensure that the provided descriptor size used when reserving space
for a memory descriptor does not overflow to prevent scope for
memory corruption. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: If06985c4de9a88ff82ce60d10e346da948ed383f
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ensure that the fragment_length parameter is validated to prevent
a buffer overflow before it is used. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0323c096ffd988fbd85bbd4ade3abd8427aea977
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The current logic does not cover all scenarios of overlapping
memory regions. Update the implementation to verify non-overlapping
regions instead. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I16c53d081e4455bc0e28399d28a1b27b1a9eb49c
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ensure that the full memory transaction descriptor has been transmitted
before a request to reclaim the memory transaction is permitted.
This prevents any potential accesses to the incomplete descriptor.
Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I33e993c6b754632051e899ab20edd19b18b6cf65
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch adds the following changes to complete the existing
TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.
Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added DRTM parameters structure version check that as per
the current released DRTM specification [1].
Mainly to cater below mentioned in the specification [1]
section 3.12 -
For a given DRTM major version number this structure will
always be extended in a backwards compatible manner.
[1]: https://developer.arm.com/documentation/den0113/a
Change-Id: I9f312c7f9f20152c5d7e40a22b462c7fe8db70bc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Error check must be done on the previously allocated pointer, not a
random one from the code.
Change-Id: I1c8253eacbe778cc4a9a8d71081fc615fa7e5293
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Do not forget to pass via err_unlock_mailbox: label.
Change-Id: Icfb997b1c7cce196003af2c28bffc50dc73e30b4
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes an issue in spmc_ffa_fill_desc.
In order to compute the spmc_shm_get_v1_1_descriptor_size,
fragment_length which is a fraction of the descriptor size is used as
desc_size parameter. It has to be replaced with the
full V1.0 descriptor size(obj->desc_filled).
Ran a subset of our tests and they are passing.
Change-Id: Ia4bbc5dabf0b77fa53d923ff609ee48ecd5bf549
Signed-off-by: vallau01 <valentin.laurent@trustonic.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
|
| |
|
|
|
|
|
|
| |
Flush the data cache range before DLME launch to ensure that data
passed by DCE preamble is committed.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I9946fd3420a17b86d9f1483e8b2cd5880033454e
|
| |
|
|
|
|
|
|
| |
As per DRTM beta0 spec table #28, Before the DLME is called the DCE
must invalidate all instruction caches.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I7efbb03d1d13346a8d898882fdbd7bbe8f1d49b2
|
| |
|
|
|
|
|
|
| |
Ensured DLME data region and DRTM parameters are lies within Non-Secure
region of DRAM by calling platform function 'plat_drtm_validate_ns_region'.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I93ead775f45ca7748193631f8f9eec4326fcf20a
|
| |
|
|
|
|
|
| |
Ensured no SDEI event are registered during dynamic launch.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ied3b2d389aa3d9a96ace9078581d5e691f0b38a7
|
| |
|
|
|
|
|
|
| |
Prepared EL state before dynamic launch
Change-Id: I3940cd7fc74da1a1addbeb08ae34f16771395e61
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
|
| |
|
|
|
|
|
| |
Prepared DLME data before DLME launch
Change-Id: I28e2132d9c832ab5bd25cf884925b99cc48258ea
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| |
|
|
|
|
|
|
| |
Taken measurement of various DRTM components in the Event Log
buffer to pass it to DLME.
Change-Id: Ic56620161f42596d22bf40d5c83c041cbce0b618
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| |
|
|
|
|
|
|
| |
Added DRTM DMA protections APIs, and called them during
the DLME launch and DRTM SMC handling.
Change-Id: I29e7238c04e2ca9f26600276c5c05bff5387789e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| |
|
|
|
|
|
|
|
| |
Added remediation driver for DRTM to set/get the error
from non-volatile memory
Change-Id: I8f0873dcef4936693e0f39a3c95096cb689c04b7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Added Event Log driver support for DRTM. This driver
is responsible for the doing the hash measurement of
various DRTM components as per [1], and putting these
measurements in the Event Log buffer.
[1]: https://developer.arm.com/documentation/den0113/a, section 3.16
Change-Id: I9892c313cf6640b82e261738116fe00f7975ee12
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
|
| |
|
|
|
|
|
|
| |
Check the sanity of arguments before dynamic launch.
Change-Id: Iad68f852b09851b0c55a55df6ba16576e105758a
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function is placeholder for checking all the necessary conditions
before doing drtm dynamic launch.
In this patch following conditions are checked (based on Table 31 of
DRTM spec beta0), rest of the conditions will be added in later
patches.
- Only boot PE is online
- Caller execution state is AArch64
- Caller exception level is NS-EL2 or NS-EL1
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I622b946bc191bb39f828831336ceafbc10834c19
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Retrieved below DRTM features via DRTM_FEATURES SMC call -
1. TPM features
2. Minimum memory requirement
3. Boot PE ID
4. DMA protection
Change-Id: Ia6dc497259541ce30a6550afa35d95d9a9a366af
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Added platform hooks to retrieve DRTM features and
address map.
Additionally, implemented these hooks for the FVP platform.
Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5621cc9807ffff8139ae8876250147f7b2c76759
|
| |
|
|
|
|
|
|
|
| |
This patch adds a public API to return the total number of registered
events. The purpose of this is primarily for DRTM to ensure that no
SDEI event can interfere with a dynamic launch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I1d1cba2da7d5566cc340620ee1ce7d7844740b86
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Updated DRTM setup functionality that mainly does below 2 things
1. Initialise the DRTM DMA protection, this function assumes the
platform must support complete DMA protection.
2. Initialise the Crypto module that will be useful to calculate
the hash of various DRTM element involved.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I3d6e4d534686d391fa7626094d2b2535dac74e00
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added a dummy DRTM setup function and also, introduced DRTM SMCs
handling as per DRTM spec [1]. Few basic SMCs are handled in this
change such as ARM_DRTM_SVC_VERSION and ARM_DRTM_SVC_FEATURES
that returns DRTM version and functions ids supported respectively,
and others are dummy for now.
[1]: https://developer.arm.com/documentation/den0113/latest
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I8c7afe920c78e064cbab2298f59e6837c70ba8ff
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Return values contained in 'smc_result' structure
are shifted down by one register:
X1 written by RMM is returned to NS in X0 and
X5 is returned in X4.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I92907ac3ff3bac8554643ae7c198a4a758c38cb3
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Removing platform dependencies from libc modules.
- Replacing panicking with actual error handling.
- Debug macros are included indirectly from assert.h. Removing
"platform_def.h" from assert.h and adding "common/debug.h"
where the macros are used.
- Removing hack for fixing PLAT_LOG_LEVEL_ASSERT to 40.
Instead removing assert with expression, as this
does not provide additional information.
Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Icc201ea7b63c1277e423c1cfd13fd6816c2bc568
|
| |
|
|
|
|
|
|
| |
Adds a dispatcher for ProvenCore based on the test secure payload
dispatcher.
Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Change-Id: I978afc3af6a6f65791655685a7bc80070673c9f3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the FF-A programming model in the test
secure payload to ensure that it can be used to test
the following spec features.
1. SP initialisation on the primary and secondary cpus.
2. An event loop to receive direct requests and respond
with direct responses.
3. Ability to receive messages that indicate power on
and off of a cpu.
4. Ability to handle a secure interrupt.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Signed-off-by: Shruti <shruti.gupta@arm.com>
Change-Id: I81cf744904d5cdc0b27862b5e4bc6f2cfe58a13a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current implementation expects that the endpoint IDs of all
participants of a memory transaction to be listed in the relinquish
descriptor. As per the FF-A spec, aside from the current partition
ID, only the IDs of stream endpoints whose behalf it is relinquishing
the memory region must be specified.
The current implementation does not currently support proxy endpoints
therefore ensure that the endpoint count is always equal to 1 and
no stream endpoint IDs are specified and instead just verify the
caller is a valid participant in the memory transaction.
Additionally reuse the updated check in the retrieve request flow
for additional verification.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I3b970196af8a16b2531607775398cb8a2473793b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds documentation for the missing RMM-EL3
runtime services:
* RMM_RMI_REQ_COMPLETE
* RMM_GTSI_DELEGATE
* RMM_GTSI_UNDELEGATE
This patch also fixes a couple of minor bugs on return codes
for delegate/undelegate internal APIs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Ic721005e7851e838eebaee7865ba78fadc3309e4
|
| |\
| |
| |
| |
| |
| |
| |
| | |
* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface
|
