Searched refs:to (Results 1 – 25 of 187) sorted by relevance
12345678
5 operations framework to enable errata workarounds and to enable optimizations19 Defaults to 1.22 `CVE-2018-3639`_. Defaults to 1. The TF-A project recommends to keep30 Defaults to 0.52 Refer to :ref:`firmware_design_cpu_errata_reporting` for information on how to60 printing a warning to the crash console.72 CPU. This needs to be enabled for all revisions of the CPU.110 link time to Cortex-A53 CPU. This needs to be enabled for some variants of119 to Cortex-A53 CPU. This needs to be enabled for some variants of revision282 CPU. This needs to be enabled for revisions r0p0 and r1p0.[all …]
7 On a pre-production system, the ability to execute arbitrary, bare-metal code at8 the highest exception level is required. It allows full, direct access to the9 hardware, for example to run silicon soak tests.11 Although it is possible to implement some baremetal secure firmware from13 configuration required to put the system in the expected state.18 other BL images and passing control to BL31. It reduces the complexity of27 configured to permit secure access only. This gives full access to the whole28 DRAM to the EL3 payload.52 - The EL3 payload needs to be loaded in volatile memory (e.g. DRAM) at73 For this option to be used, the ``PRELOADED_BL33_BASE`` build option has to be[all …]
8 ``plat_get_aff_state()`` APIs to enable the generic PSCI code to20 levels in the power domain tree to four.23 mechanism used to populate the power domain topology tree.28 a 'start' to an 'end' power level. The binary search is required to find the29 node at each level. The natural way to perform this traversal is to151 core power domains, for example, Juno and FVPs, the logic to convert an MPIDR to153 proof hash function to do this.163 #. Implement more complex logic to convert a valid MPIDR to a core index while173 allow use of a simpler logic to convert an MPIDR to a core index.231 algorithm to parse the power domain descriptor exported by the platform to[all …]
8 #. It should be possible to route interrupts meant to be handled by secure17 #. It should be possible to route interrupts meant to be handled by65 ``SCR_EL3.IRQ``\ =1, IRQs are routed to EL3. Otherwise they are routed to the75 The default routing model for an interrupt type is to route it to the FEL in93 targeted to EL3.138 reason to route the interrupt to EL3 software and then hand it back to223 #. Implementing support to hand control of an interrupt type to its446 #. It passes control to the Test Secure Payload to perform its507 targeted to the FEL, then execution will eventually migrate to the561 allocate a function identifier to issue a SMC64 or SMC32 to the SPD[all …]
19 response to an SMC.31 The Secure world needs to implement some defenses to prevent the Non-secure51 - Set ``P`` to ``0``.52 - Set ``NSK`` to ``1``.53 - Set ``M`` to ``0``.55 - Set ``SH`` to ``1``.60 - Set ``C`` to ``1``.64 - Set ``DP`` to ``0``.65 - Set ``E`` to ``1``.97 - The ``PMCR_EL0.DP`` bit therefore needs to be set to ``1`` when EL3 is[all …]
7 Often it is necessary to update your patch set before it is merged. Refer to the8 `Gerrit Upload Patch Set documentation`_ on how to do so.10 If you need to modify an existing patch set with multiple commits, refer to the13 How long will my changes take to merge into ``integration``?20 set and the impact of any delay. Feel free to add a comment to your patch set21 to get an estimate of when it will be merged.28 API is likely to receive much greater scrutiny than a local change to a32 maintainers may not wait for external review comments to merge trivial33 bug-fixes but may wait up to a week to merge major changes, or ones requiring44 How long will it take for my changes to go from ``integration`` to ``master``?[all …]
13 Platform compatibility is mainly affected by changes to Platform APIs (as15 library interfaces (like xlat_table library). The project will try to maintain16 compatibility for upstream platforms. Due to evolving requirements and18 means the previous interface needs to be deprecated and a new interface19 introduced to replace it. In case the migration to the new interface is trivial,20 the contributor of the change is expected to make good effort to migrate the21 upstream platforms to the new interface.25 deprecated, the page must be updated to indicate the release after which the27 For non-trivial interface changes, an email should be sent out to the `TF-A28 public mailing list`_ to notify platforms that they should migrate away from the[all …]
111 - ``FVP_CLUSTER_COUNT`` : Configures the cluster count to be used to136 - ``FVP_HW_CONFIG_DTS`` : Specify the path to the DTS file to be compiled143 - ``FVP_HW_CONFIG`` : Specify the path to the HW_CONFIG blob to be packaged in181 One way to do that is to create an 8-byte file containing all zero bytes using216 load <path-to>/el3-payload.elf261 # Path to the input DTB262 KERNEL_DTB=<path-to>/<fdt>263 # Path to the output DTB267 # Path to the ramdisk268 INITRD=<path-to>/<ramdisk.img>[all …]
17 compiler should use. Valid values are T32 and A32. It defaults to T32 due to62 is set to '1'.130 build to be uniquely identified. Defaults to the current git commit id.245 various ELs can assign themselves to desired partition to control their530 set to 1 as well.537 set to ``1``.573 Delegated Exception Interface to BL31 image. This defaults to ``0``.576 set to ``1``.598 the path to the directory containing the SPD source, relative to661 interrupts to TSP allowing it to save its context and hand over[all …]
5 to the Linaro cross compiler.11 export CROSS_COMPILE=<path-to-aarch64-gcc>/bin/aarch64-none-elf-17 export CROSS_COMPILE=<path-to-aarch32-gcc>/bin/arm-none-eabi-20 ``CC`` needs to point to the clang or armclang binary, which will25 known to work with TF-A.30 to ``CC`` matches the string 'armclang'.37 make CC=<path-to-armclang>/bin/armclang PLAT=<platform> all41 to work.48 make CC=<path-to-clang>/bin/clang PLAT=<platform> all50 - Change to the root directory of the TF-A source tree and build.[all …]
5 images referred to in the Trusted Firmware project.10 - Some of the names and abbreviated names have changed to accommodate new11 requirements. The changed names are as backward compatible as possible to14 these will inevitably take time to catch up.26 new form is to just omit the dash and not use subscript formatting.47 Its primary purpose is to perform the minimum initialization necessary to load49 location, then hand-off control to that image.63 is to handle transitions between the normal and secure world.99 Its primary purpose is to perform the minimum initialization necessary to load125 to be considered in a production Trusted Board Boot solution.[all …]
232 to '1'.773 the updated counter value to be written to the NV counter.852 must be able to provide a heap to it.1098 populated to load. This function is invoked in BL2 to load the1331 This function is called prior to exiting BL1 in response to the1462 images to be passed to the next BL image.1524 specific to BL2.1854 to be signaled to the CPU interface.2420 to succeed.2948 Platforms are allowed to add more include paths to be passed to the compiler.[all …]
5 | Title | Not saving x0 to x3 registers can leak information from one |6 | | Normal World SMC client to another |26 When taking an exception to EL3, BL31 saves the CPU context. The aim is to29 ``x0`` to ``x3`` are not part of the CPU context saved on the stack.31 As per the `SMC Calling Convention`_, up to 4 values may be returned to the36 Before returning to the caller, the ``restore_gp_registers()`` function is40 (referring to the version of the code as of `commit c385955`_):55 request (or asynchronous exception to EL3) that used these return values.72 to assess the impact of this threat.84 line 19 (referring to the version of the code as of `commit c385955`_):[all …]
6 | | allow normal world to panic secure world |12 | Versions | All versions up to v1.3 |27 Trusted Firmware (TF) unconditionally assign this bit to ``0`` in the early32 normal world attacker to induce a panic in the secure world.34 The ``MDCR_EL3.SDD`` bit should be assigned to ``1`` to disable debug exceptions37 Earlier versions of TF (prior to `commit 495f3d3`_) did not assign this bit.41 A similar issue applies to the ``MDCR_EL3.SPD32`` bits, which control AArch3242 secure self-hosted invasive debug enablement. TF assigns these bits to ``00``46 which point the device is vulnerable to other, more serious attacks anyway.49 ``MDCR_EL3.SPD32`` bits should be assigned to ``10`` to disable debug exceptions[all …]
17 #define va_copy(to, from) __builtin_va_copy(to, from) argument18 #define va_arg(to, type) __builtin_va_arg(to, type) argument
54 test to complete before proceeding to the next non-lead CPU. The lead CPU then62 to the point the hardware enters the low power state (WFI). Referring to the TF67 power state to exiting the TF PSCI implementation. This corresponds to:70 ``CFLUSH_OVERHEAD`` refers to the part of ``PSCI_ENTRY`` taken to flush the105 observed due to TF PSCI lock contention. In the worst case, CPU 3 has to wait138 platform code. The platform lock is used to mediate access to a single SCP140 AP CPU to enter WFI before making the channel available to other CPUs, which178 to the little cluster (1MB).181 CPU 4 continues to run while CPU 5 is suspended. Hence CPU 5 only powers down to204 only necessary to flush the cache to power level 0 (L1). This is the best case[all …]
24 allows for asynchronous exceptions to be routed to EL3. As described in the29 FIQs and IRQs routed to EL3 are not required to be handled in EL3.51 suitably routed to EL3, and the Runtime Firmware (BL31) is extended to include54 choose to:83 Corollary to the use cases cited above, the primary role of the |EHF| is to179 interrupts to a priority level. In other words, all interrupts that are to201 The priority thus assigned to an interrupt is also used to determine the259 - The handler to be registered. The handler must be aligned to 4 bytes.399 to a lower EL.438 calls to these APIs are subject to the following conditions:[all …]
48 peripherals target to that PE only.91 then writes to GIC *Set Enable Register* to enable the interrupt.105 writes to GIC *Clear Enable Register* to disable the interrupt, and inserts178 writes to the GIC *Group Register* and *Group Modifier Register* (only GICv3) to194 ``INTR_TYPE_S_EL1`` maps to Group 0. Otherwise, ``INTR_TYPE_EL3`` maps to212 to appropriate *SGI Register* in order to raise the EL3 SGI.237 writes to the GIC *Target Register* (GICv2) or *Route Register* (GICv3) to set253 and writes to the GIC *Set Pending Register* to set the interrupt pending268 writes to the GIC *Clear Pending Register* to clear the interrupt pending285 inserts to order memory updates before updating mask, then writes to the GIC[all …]
7 to use it under either license. As a contributor, you agree to allow your code8 to be used under both.31 the Software without restriction, including without limitation the rights to33 of the Software, and to permit persons to whom the Software is furnished to do34 so, subject to the following conditions:44 Urbana-Champaign, nor the names of its contributors may be used to64 copies of the Software, and to permit persons to whom the Software is65 furnished to do so, subject to the following conditions:84 to that code.87 applies to all code in the LLVM Distribution, and nothing in any of the[all …]
76 that it is loaded above 32MiB in order to avoid the need to relocate136 instructions to see how to do it. This system is strongly discouraged.155 The `Linux kernel tree`_ has instructions on how to jump to the Linux kernel171 use mailboxes to trap the secondary cores until they are ready to jump to the179 address to jump to in this Mailbox (``bl31_warm_entrypoint``).233 - ``RPI3_USE_UEFI_MAP``: Set to 1 to build ATF with the altername memory235 to be able to run Windows on ARM64. This option, which is disabled by274 If OP-TEE is used it may be needed to add the following options to the281 it. In order to use TBB, you might want to set ``GENERATE_COT=1`` to let the284 able to set ROT_KEY to your own key in PEM format. Also in order to build,[all …]
7 to abstract power and system management tasks away from application9 loaded by AP BL2 from FIP in flash to SRAM for copying by SCP (SCP has access10 to AP SRAM).17 (TARGET_PLATFORM=1) platforms w.r.t to TF-A is the CPUs supported. TC0 has27 FIP to SRAM. The SCP has access to AP SRAM. The address and size of SCP_BL228 is communicated to SCP using SDS. SCP copies SCP_BL2 from SRAM to its own30 stages including BL31 runtime stage and hands off executing to37 Set the CROSS_COMPILE environment variable to point to the toolchain folder.46 Enable TBBR by adding the following options to the make command:
8 DRAM. By default, BL31 is in the secure SRAM. Set this flag to 1 to load13 - ``ARM_CONFIG_CNTACR``: boolean option to unlock access to the ``CNTBase<N>``17 kernel). Default is true (access to the frame is allowed).29 to have a Linux kernel image as BL33 by preparing the registers to these30 values before jumping to BL33. This option defaults to 0 (disabled). For46 State-ID yet. Hence this flag is used to configure whether to use the73 location of the ROTPK hash. Not expected to be a build option. This defaults to89 - ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm®133 SCP_BL2U to the FIP and FWU_FIP respectively, and enables them to be loaded139 is set to 1, then SCMI/SDS drivers will be used. Default is 0.[all …]
7 - ``JUNO_TZMP1`` : Boolean option to configure Juno to be used for TrustZone117 to the AArch32 Linaro cross compiler.134 cp <path-to-build>/bl32.bin <path-to-temporary>138 must point to the AArch64 Linaro cross compiler.145 and point to the BL32 file.151 BL32=<path-to-temporary>/bl32.bin all fip166 need to be copied to the ``SOFTWARE/`` directory on the Juno SD card.216 above. The process to load binaries to memory is the one explained in223 to RAM. For more details refer to section 5.16 of `PSCI`_. To test system suspend231 The Juno board should suspend to RAM and then wakeup after 10 seconds due to[all …]
20 - Drivers to enable standard initialization of Arm System IP, for example28 - SMC (Secure Monitor Call) handling, conforming to the `SMC Calling44 Dispatcher (SPD) component to customize the interaction with the SP.62 - A Secure Partition Manager (SPM) to manage Secure Partitions in66 - An |SDEI| dispatcher to route interrupt-based |SDEI| events.69 interrupts to their registered handlers, to facilitate firmware-first75 as part of the FIP, to be passed through the firmware stages.99 ``BRANCH_PROTECTION`` option to be set to non-zero.102 TSP, with further support to be added in a future release.104 Still to come[all …]
287 - Enhance UART driver APIs to put characters to fifo1274 - Add support to pass the nt_fw_config DTB to OP-TEE.1548 - arm/a5ds: Change boot address to point to DDR address1605 to 41669 - auth: Necessary fix in drivers to upgrade to mbedtls-2.18.01804 it wants to use2719 to allow a post-processing tool to choose the right binary to interpret3357 AArch64 to AArch32, or vice verse, via a request to EL3.3626 allowing independent access control to be applied to each.3909 added to ``fip_create`` tool to package the certificates in a FIP.[all …]
Completed in 70 milliseconds