diff options
| -rw-r--r-- | Makefile | 21 | ||||
| -rw-r--r-- | bl31/aarch64/bl31_arch_setup.c | 4 | ||||
| -rw-r--r-- | bl31/aarch64/bl31_entrypoint.S | 6 | ||||
| -rw-r--r-- | bl31/runtime_svc.c | 4 | ||||
| -rw-r--r-- | bl32/tsp/tsp_main.c | 34 | ||||
| -rw-r--r-- | docs/trusted-board-boot.md | 7 | ||||
| -rw-r--r-- | docs/user-guide.md | 3 | ||||
| -rw-r--r-- | include/bl31/cpu_data.h | 1 | ||||
| -rw-r--r-- | include/common/debug.h | 2 | ||||
| -rw-r--r-- | include/stdlib/stdio.h | 7 | ||||
| -rw-r--r-- | lib/cpus/aarch64/cpu_helpers.S | 15 | ||||
| -rw-r--r-- | plat/juno/bl1_plat_setup.c | 2 | ||||
| -rw-r--r-- | plat/juno/platform.mk | 2 | ||||
| -rw-r--r-- | services/std_svc/psci/psci_entry.S | 6 | ||||
| -rw-r--r-- | tools/cert_create/src/cert.c | 2 |
15 files changed, 55 insertions, 61 deletions
@@ -80,7 +80,9 @@ TRUSTED_BOARD_BOOT := 0 AUTH_MOD := none # Checkpatch ignores -CHECK_IGNORE = --ignore COMPLEX_MACRO --ignore GERRIT_CHANGE_ID +CHECK_IGNORE = --ignore COMPLEX_MACRO \ + --ignore GERRIT_CHANGE_ID \ + --ignore GIT_COMMIT_ID CHECKPATCH_ARGS = --no-tree --no-signoff ${CHECK_IGNORE} CHECKCODE_ARGS = --no-patch --no-tree --no-signoff ${CHECK_IGNORE} @@ -606,7 +608,7 @@ endif # Add the dependency on the certificates ifneq (${GENERATE_COT},0) - all: certificates + fip: certificates endif certificates: ${CRT_DEPS} ${CRTTOOL} check_bl30 check_bl33 @@ -631,16 +633,23 @@ cscope: ${Q}cscope -b -q -k help: - @echo "usage: ${MAKE} PLAT=<${HELP_PLATFORMS}> <all|bl1|bl2|bl31|distclean|clean|checkcodebase|checkpatch>" + @echo "usage: ${MAKE} PLAT=<${HELP_PLATFORMS}> [OPTIONS] [TARGET]" @echo "" @echo "PLAT is used to specify which platform you wish to build." @echo "If no platform is specified, PLAT defaults to: ${DEFAULT_PLAT}" @echo "" + @echo "Please refer to the User Guide for a list of all supported options." + @echo "Note that the build system doesn't track dependencies for build " + @echo "options. Therefore, if any of the build options are changed " + @echo "from a previous build, a clean build must be performed." + @echo "" @echo "Supported Targets:" - @echo " all Build the BL1, BL2 and BL31 binaries" + @echo " all Build all individual bootloader binaries" @echo " bl1 Build the BL1 binary" @echo " bl2 Build the BL2 binary" - @echo " bl31 Build the BL31 binary" + @echo " bl31 Build the BL3-1 binary" + @echo " bl32 Build the BL3-2 binary" + @echo " fip Build the Firmware Image Package (FIP)" @echo " checkcodebase Check the coding style of the entire source tree" @echo " checkpatch Check the coding style on changes in the current" @echo " branch against BASE_COMMIT (default origin/master)" @@ -650,7 +659,7 @@ help: @echo " certtool Build the Certificate generation tool" @echo " fiptool Build the Firmware Image Package(FIP) creation tool" @echo "" - @echo "note: most build targets require PLAT to be set to a specific platform." + @echo "Note: most build targets require PLAT to be set to a specific platform." @echo "" @echo "example: build all targets for the FVP platform:" @echo " CROSS_COMPILE=aarch64-none-elf- make PLAT=fvp all" diff --git a/bl31/aarch64/bl31_arch_setup.c b/bl31/aarch64/bl31_arch_setup.c index a88b029ea..edf10188d 100644 --- a/bl31/aarch64/bl31_arch_setup.c +++ b/bl31/aarch64/bl31_arch_setup.c @@ -33,6 +33,7 @@ #include <assert.h> #include <bl_common.h> #include <bl31.h> +#include <cpu_data.h> #include <platform.h> /******************************************************************************* @@ -47,4 +48,7 @@ void bl31_arch_setup(void) /* Program the counter frequency */ write_cntfrq_el0(plat_get_syscnt_freq()); + + /* Initialize the cpu_ops pointer. */ + init_cpu_ops(); } diff --git a/bl31/aarch64/bl31_entrypoint.S b/bl31/aarch64/bl31_entrypoint.S index 01d7a7f53..186b1cbc2 100644 --- a/bl31/aarch64/bl31_entrypoint.S +++ b/bl31/aarch64/bl31_entrypoint.S @@ -162,12 +162,6 @@ func bl31_entrypoint #endif /* --------------------------------------------- - * Initialize the cpu_ops pointer. - * --------------------------------------------- - */ - bl init_cpu_ops - - /* --------------------------------------------- * Use SP_EL0 for the C runtime stack. * --------------------------------------------- */ diff --git a/bl31/runtime_svc.c b/bl31/runtime_svc.c index c33748f99..fd64c8249 100644 --- a/bl31/runtime_svc.c +++ b/bl31/runtime_svc.c @@ -103,8 +103,8 @@ void runtime_svc_init(void) */ rc = validate_rt_svc_desc(&rt_svc_descs[index]); if (rc) { - ERROR("Invalid runtime service descriptor 0x%x (%s)\n", - &rt_svc_descs[index], + ERROR("Invalid runtime service descriptor 0x%lx (%s)\n", + (uintptr_t) &rt_svc_descs[index], rt_svc_descs[index].name); goto error; } diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c index c6000e19e..d8895b2f9 100644 --- a/bl32/tsp/tsp_main.c +++ b/bl32/tsp/tsp_main.c @@ -109,9 +109,9 @@ uint64_t tsp_main(void) { NOTICE("TSP: %s\n", version_string); NOTICE("TSP: %s\n", build_message); - INFO("TSP: Total memory base : 0x%x\n", (unsigned long)BL32_TOTAL_BASE); - INFO("TSP: Total memory size : 0x%x bytes\n", - (unsigned long)(BL32_TOTAL_LIMIT - BL32_TOTAL_BASE)); + INFO("TSP: Total memory base : 0x%lx\n", BL32_TOTAL_BASE); + INFO("TSP: Total memory size : 0x%lx bytes\n", + BL32_TOTAL_LIMIT - BL32_TOTAL_BASE); uint64_t mpidr = read_mpidr(); uint32_t linear_id = platform_get_core_pos(mpidr); @@ -129,7 +129,7 @@ uint64_t tsp_main(void) #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu on requests\n", mpidr, + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, tsp_stats[linear_id].cpu_on_count); @@ -158,8 +158,8 @@ tsp_args_t *tsp_cpu_on_main(void) #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x turned on\n", mpidr); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu on requests\n", mpidr, + INFO("TSP: cpu 0x%lx turned on\n", mpidr); + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu on requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, tsp_stats[linear_id].cpu_on_count); @@ -199,8 +199,8 @@ tsp_args_t *tsp_cpu_off_main(uint64_t arg0, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x off request\n", mpidr); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu off requests\n", mpidr, + INFO("TSP: cpu 0x%lx off request\n", mpidr); + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu off requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, tsp_stats[linear_id].cpu_off_count); @@ -242,7 +242,7 @@ tsp_args_t *tsp_cpu_suspend_main(uint64_t arg0, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu suspend requests\n", + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu suspend requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, @@ -281,9 +281,9 @@ tsp_args_t *tsp_cpu_resume_main(uint64_t suspend_level, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x resumed. suspend level %d\n", + INFO("TSP: cpu 0x%lx resumed. suspend level %ld\n", mpidr, suspend_level); - INFO("TSP: cpu 0x%x: %d smcs, %d erets %d cpu suspend requests\n", + INFO("TSP: cpu 0x%lx: %d smcs, %d erets %d cpu suspend requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count, @@ -316,8 +316,8 @@ tsp_args_t *tsp_system_off_main(uint64_t arg0, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x SYSTEM_OFF request\n", mpidr); - INFO("TSP: cpu 0x%x: %d smcs, %d erets requests\n", mpidr, + INFO("TSP: cpu 0x%lx SYSTEM_OFF request\n", mpidr); + INFO("TSP: cpu 0x%lx: %d smcs, %d erets requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count); spin_unlock(&console_lock); @@ -349,8 +349,8 @@ tsp_args_t *tsp_system_reset_main(uint64_t arg0, #if LOG_LEVEL >= LOG_LEVEL_INFO spin_lock(&console_lock); - INFO("TSP: cpu 0x%x SYSTEM_RESET request\n", mpidr); - INFO("TSP: cpu 0x%x: %d smcs, %d erets requests\n", mpidr, + INFO("TSP: cpu 0x%lx SYSTEM_RESET request\n", mpidr); + INFO("TSP: cpu 0x%lx: %d smcs, %d erets requests\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count); spin_unlock(&console_lock); @@ -384,10 +384,10 @@ tsp_args_t *tsp_smc_handler(uint64_t func, tsp_stats[linear_id].smc_count++; tsp_stats[linear_id].eret_count++; - INFO("TSP: cpu 0x%x received %s smc 0x%x\n", read_mpidr(), + INFO("TSP: cpu 0x%lx received %s smc 0x%lx\n", mpidr, ((func >> 31) & 1) == 1 ? "fast" : "standard", func); - INFO("TSP: cpu 0x%x: %d smcs, %d erets\n", mpidr, + INFO("TSP: cpu 0x%lx: %d smcs, %d erets\n", mpidr, tsp_stats[linear_id].smc_count, tsp_stats[linear_id].eret_count); diff --git a/docs/trusted-board-boot.md b/docs/trusted-board-boot.md index abba03099..f3b9f14ec 100644 --- a/docs/trusted-board-boot.md +++ b/docs/trusted-board-boot.md @@ -44,10 +44,9 @@ essential information to establish the CoT. In the TBB CoT all certificates are self-signed. There is no need for a Certificate Authority (CA) because the CoT is not established by verifying the validity of a certificate's issuer but by the content of the certificate -extensions. To sign the certificates, the PKCS#1 SHA-1 with RSA Encryption +extensions. To sign the certificates, the PKCS#1 SHA-256 with RSA Encryption signature scheme is used with a RSA key length of 2048 bits. Future version of -Trusted Firmware will replace SHA-1 usage with SHA-256 and support additional -cryptographic algorithms. +Trusted Firmware will support additional cryptographic algorithms. The certificates are categorised as "Key" and "Content" certificates. Key certificates are used to verify public keys which have been used to sign content @@ -218,7 +217,7 @@ corresponding certificates or images at each step in the Trusted Board Boot sequence. The module relies on the PolarSSL library (v1.3.9) to perform the following operations: -* Parsing X.509 certificates and verifying them using SHA-1 with RSA +* Parsing X.509 certificates and verifying them using SHA-256 with RSA Encryption. * Extracting public keys and hashes from the certificates. * Generating hashes (SHA-256) of boot loader images diff --git a/docs/user-guide.md b/docs/user-guide.md index c115bccf3..411a8702a 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -59,6 +59,9 @@ The following tools are required to use the ARM Trusted Firmware: wget http://releases.linaro.org/14.07/components/toolchain/binaries/gcc-linaro-aarch64-none-elf-4.9-2014.07_linux.tar.xz tar -xf gcc-linaro-aarch64-none-elf-4.9-2014.07_linux.tar.xz +* `libssl-dev` package to build the certificate generation tool when support + for Trusted Board Boot is needed. + * (Optional) For debugging, ARM [Development Studio 5 (DS-5)][DS-5] v5.20. diff --git a/include/bl31/cpu_data.h b/include/bl31/cpu_data.h index 1926e292a..50f509bbd 100644 --- a/include/bl31/cpu_data.h +++ b/include/bl31/cpu_data.h @@ -117,6 +117,7 @@ static inline struct cpu_data *_cpu_data(void) *************************************************************************/ void init_cpu_data_ptr(void); +void init_cpu_ops(void); #define get_cpu_data(_m) _cpu_data()->_m #define set_cpu_data(_m, _v) _cpu_data()->_m = _v diff --git a/include/common/debug.h b/include/common/debug.h index a8dcb8da3..d198c321b 100644 --- a/include/common/debug.h +++ b/include/common/debug.h @@ -84,6 +84,6 @@ void __dead2 do_panic(void); #define panic() do_panic() -void tf_printf(const char *fmt, ...); +void tf_printf(const char *fmt, ...) __printflike(1, 2); #endif /* __DEBUG_H__ */ diff --git a/include/stdlib/stdio.h b/include/stdlib/stdio.h index 60e081b43..57e5c7fa4 100644 --- a/include/stdlib/stdio.h +++ b/include/stdlib/stdio.h @@ -58,12 +58,13 @@ typedef __ssize_t ssize_t; #define EOF (-1) -int printf(const char * __restrict, ...); +int printf(const char * __restrict, ...) __printflike(1, 2); int putchar(int); int puts(const char *); -int sprintf(char * __restrict, const char * __restrict, ...); +int sprintf(char * __restrict, const char * __restrict, ...) + __printflike(2, 3); int vsprintf(char * __restrict, const char * __restrict, - __va_list); + __va_list) __printflike(2, 0); int sscanf(const char *__restrict, char const *__restrict, ...); diff --git a/lib/cpus/aarch64/cpu_helpers.S b/lib/cpus/aarch64/cpu_helpers.S index bebe7c0a5..24c283ab0 100644 --- a/lib/cpus/aarch64/cpu_helpers.S +++ b/lib/cpus/aarch64/cpu_helpers.S @@ -110,7 +110,8 @@ func prepare_cluster_pwr_dwn /* * Initializes the cpu_ops_ptr if not already initialized - * in cpu_data. This can be called without a runtime stack. + * in cpu_data. This can be called without a runtime stack, but may + * only be called after the MMU is enabled. * clobbers: x0 - x6, x10 */ .globl init_cpu_ops @@ -125,18 +126,6 @@ func init_cpu_ops ASM_ASSERT(ne) #endif str x0, [x6, #CPU_DATA_CPU_OPS_PTR]! - - /* - * Make sure that any pre-fetched cache copies are invalidated. - * Ensure that we are running with cache disable else we - * invalidate our own update. - */ -#if ASM_ASSERTION - mrs x1, sctlr_el3 - tst x1, #SCTLR_C_BIT - ASM_ASSERT(eq) -#endif - dc ivac, x6 mov x30, x10 1: ret diff --git a/plat/juno/bl1_plat_setup.c b/plat/juno/bl1_plat_setup.c index fd331bf6f..3b3471a85 100644 --- a/plat/juno/bl1_plat_setup.c +++ b/plat/juno/bl1_plat_setup.c @@ -97,7 +97,7 @@ void bl1_early_platform_setup(void) BL1_RAM_BASE, bl1_size); - INFO("BL1: 0x%lx - 0x%lx [size = %u]\n", BL1_RAM_BASE, BL1_RAM_LIMIT, + INFO("BL1: 0x%lx - 0x%lx [size = %lu]\n", BL1_RAM_BASE, BL1_RAM_LIMIT, bl1_size); } diff --git a/plat/juno/platform.mk b/plat/juno/platform.mk index 9e44b2354..687781417 100644 --- a/plat/juno/platform.mk +++ b/plat/juno/platform.mk @@ -103,7 +103,7 @@ endif NEED_BL30 := yes # Enable workarounds for selected Cortex-A57 erratas. -ERRATA_A57_806969 := 1 +ERRATA_A57_806969 := 0 ERRATA_A57_813420 := 1 # Enable option to skip L1 data cache flush during the Cortex-A57 cluster diff --git a/services/std_svc/psci/psci_entry.S b/services/std_svc/psci/psci_entry.S index 3e67d3449..fb3f00761 100644 --- a/services/std_svc/psci/psci_entry.S +++ b/services/std_svc/psci/psci_entry.S @@ -87,12 +87,6 @@ psci_aff_common_finish_entry: bl init_cpu_data_ptr /* --------------------------------------------- - * Initialize the cpu_ops pointer. - * --------------------------------------------- - */ - bl init_cpu_ops - - /* --------------------------------------------- * Set the exception vectors * --------------------------------------------- */ diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c index 9705643d4..22fe3d586 100644 --- a/tools/cert_create/src/cert.c +++ b/tools/cert_create/src/cert.c @@ -170,7 +170,7 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk) } /* Sign the certificate with the issuer key */ - if (!X509_sign(x, ikey, EVP_sha1())) { + if (!X509_sign(x, ikey, EVP_sha256())) { ERR_print_errors_fp(stdout); return 0; } |