Searched refs:to (Results 1 – 25 of 221) sorted by relevance
123456789
5 operations framework to enable errata workarounds and to enable optimizations19 Defaults to 1.22 `CVE-2018-3639`_. Defaults to 1. The TF-A project recommends to keep30 Defaults to 0.34 least 1 CPU that requires this mitigation. Defaults to 1.56 Refer to :ref:`firmware_design_cpu_errata_reporting` for information on how to64 printing a warning to the crash console.76 CPU. This needs to be enabled for all revisions of the CPU.114 link time to Cortex-A53 CPU. This needs to be enabled for some variants of123 to Cortex-A53 CPU. This needs to be enabled for some variants of revision[all …]
7 On a pre-production system, the ability to execute arbitrary, bare-metal code at8 the highest exception level is required. It allows full, direct access to the9 hardware, for example to run silicon soak tests.11 Although it is possible to implement some baremetal secure firmware from13 configuration required to put the system in the expected state.18 other BL images and passing control to BL31. It reduces the complexity of27 configured to permit secure access only. This gives full access to the whole28 DRAM to the EL3 payload.52 - The EL3 payload needs to be loaded in volatile memory (e.g. DRAM) at73 For this option to be used, the ``PRELOADED_BL33_BASE`` build option has to be[all …]
8 ``plat_get_aff_state()`` APIs to enable the generic PSCI code to20 levels in the power domain tree to four.23 mechanism used to populate the power domain topology tree.28 a 'start' to an 'end' power level. The binary search is required to find the29 node at each level. The natural way to perform this traversal is to151 core power domains, for example, Juno and FVPs, the logic to convert an MPIDR to153 proof hash function to do this.163 #. Implement more complex logic to convert a valid MPIDR to a core index while173 allow use of a simpler logic to convert an MPIDR to a core index.231 algorithm to parse the power domain descriptor exported by the platform to[all …]
8 #. It should be possible to route interrupts meant to be handled by secure17 #. It should be possible to route interrupts meant to be handled by65 ``SCR_EL3.IRQ``\ =1, IRQs are routed to EL3. Otherwise they are routed to the75 The default routing model for an interrupt type is to route it to the FEL in93 targeted to EL3.138 reason to route the interrupt to EL3 software and then hand it back to223 #. Implementing support to hand control of an interrupt type to its446 #. It passes control to the Test Secure Payload to perform its507 targeted to the FEL, then execution will eventually migrate to the561 allocate a function identifier to issue a SMC64 or SMC32 to the SPD[all …]
17 compiler should use. Valid values are T32 and A32. It defaults to T32 due to65 is set to '1'.185 context. This flag can take values 0 to 2, to align with the268 onwards. This flag can take the values 0 to 2, to align with the275 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.348 values 0 to 2, to align with the ``FEATURE_DETECTION`` mechanism.736 set to ``1``.780 set to ``1``.809 the path to the directory containing the SPD source, relative to890 interrupts to TSP allowing it to save its context and hand over[all …]
234 to '1'.786 the updated counter value to be written to the NV counter.1073 must be able to provide a heap to it.1351 populated to load. This function is invoked in BL2 to load the1637 This function is called prior to exiting BL1 in response to the1804 images to be passed to the next BL image.1866 specific to BL2.2232 to be signaled to the CPU interface.2861 to succeed.3417 Platforms are allowed to add more include paths to be passed to the compiler.[all …]
5 images referred to in the Trusted Firmware project.10 - Some of the names and abbreviated names have changed to accommodate new11 requirements. The changed names are as backward compatible as possible to14 these will inevitably take time to catch up.26 new form is to just omit the dash and not use subscript formatting.56 Its primary purpose is to perform the minimum initialization necessary to load58 location, then hand-off control to that image.72 is to handle transitions between the normal and secure world.116 Its primary purpose is to perform the minimum initialization necessary to load142 to be considered in a production Trusted Board Boot solution.[all …]
19 response to an SMC.31 The Secure world needs to implement some defenses to prevent the Non-secure51 - Set ``P`` to ``0``.52 - Set ``NSK`` to ``1``.53 - Set ``M`` to ``0``.55 - Set ``SH`` to ``1``.60 - Set ``C`` to ``1``.64 - Set ``DP`` to ``0``.65 - Set ``E`` to ``1``.97 - The ``PMCR_EL0.DP`` bit therefore needs to be set to ``1`` when EL3 is[all …]
7 Often it is necessary to update your patch set before it is merged. Refer to the8 `Gerrit Upload Patch Set documentation`_ on how to do so.10 If you need to modify an existing patch set with multiple commits, refer to the13 How long will my changes take to merge into ``integration``?20 set and the impact of any delay. Feel free to add a comment to your patch set21 to get an estimate of when it will be merged.28 API is likely to receive much greater scrutiny than a local change to a32 maintainers may not wait for external review comments to merge trivial33 bug-fixes but may wait up to a week to merge major changes, or ones requiring44 How long will it take for my changes to go from ``integration`` to ``master``?[all …]
10 Platform compatibility is mainly affected by changes to Platform APIs (as12 library interfaces (like xlat_table library). The project will try to maintain13 compatibility for upstream platforms. Due to evolving requirements and15 means the previous interface needs to be deprecated and a new interface16 introduced to replace it. In case the migration to the new interface is trivial,17 the contributor of the change is expected to make good effort to migrate the18 upstream platforms to the new interface.24 For non-trivial interface changes, an email should be sent out to the `TF-A32 If a platform is no longer maintained, it is best to deprecate it to keep the34 process (up to the platform maintainers).[all …]
108 - ``FVP_CLUSTER_COUNT`` : Configures the cluster count to be used to133 - ``FVP_HW_CONFIG_DTS`` : Specify the path to the DTS file to be compiled140 - ``FVP_HW_CONFIG`` : Specify the path to the HW_CONFIG blob to be packaged in178 One way to do that is to create an 8-byte file containing all zero bytes using213 load <path-to>/el3-payload.elf258 # Path to the input DTB259 KERNEL_DTB=<path-to>/<fdt>260 # Path to the output DTB264 # Path to the ramdisk265 INITRD=<path-to>/<ramdisk.img>[all …]
5 | Title | Not saving x0 to x3 registers can leak information from one |6 | | Normal World SMC client to another |26 When taking an exception to EL3, BL31 saves the CPU context. The aim is to29 ``x0`` to ``x3`` are not part of the CPU context saved on the stack.31 As per the `SMC Calling Convention`_, up to 4 values may be returned to the36 Before returning to the caller, the ``restore_gp_registers()`` function is40 (referring to the version of the code as of `commit c385955`_):55 request (or asynchronous exception to EL3) that used these return values.72 to assess the impact of this threat.84 line 19 (referring to the version of the code as of `commit c385955`_):[all …]
54 test to complete before proceeding to the next non-lead CPU. The lead CPU then62 to the point the hardware enters the low power state (WFI). Referring to the TF67 power state to exiting the TF PSCI implementation. This corresponds to:70 ``CFLUSH_OVERHEAD`` refers to the part of ``PSCI_ENTRY`` taken to flush the105 observed due to TF PSCI lock contention. In the worst case, CPU 3 has to wait138 platform code. The platform lock is used to mediate access to a single SCP140 AP CPU to enter WFI before making the channel available to other CPUs, which178 to the little cluster (1MB).181 CPU 4 continues to run while CPU 5 is suspended. Hence CPU 5 only powers down to204 only necessary to flush the cache to power level 0 (L1). This is the best case[all …]
24 allows for asynchronous exceptions to be routed to EL3. As described in the29 FIQs and IRQs routed to EL3 are not required to be handled in EL3.51 suitably routed to EL3, and the Runtime Firmware (BL31) is extended to include54 choose to:83 Corollary to the use cases cited above, the primary role of the |EHF| is to179 interrupts to a priority level. In other words, all interrupts that are to201 The priority thus assigned to an interrupt is also used to determine the259 - The handler to be registered. The handler must be aligned to 4 bytes.399 to a lower EL.438 calls to these APIs are subject to the following conditions:[all …]
48 peripherals target to that PE only.91 then writes to GIC *Set Enable Register* to enable the interrupt.105 writes to GIC *Clear Enable Register* to disable the interrupt, and inserts178 writes to the GIC *Group Register* and *Group Modifier Register* (only GICv3) to194 ``INTR_TYPE_S_EL1`` maps to Group 0. Otherwise, ``INTR_TYPE_EL3`` maps to212 to appropriate *SGI Register* in order to raise the EL3 SGI.237 writes to the GIC *Target Register* (GICv2) or *Route Register* (GICv3) to set253 and writes to the GIC *Set Pending Register* to set the interrupt pending268 writes to the GIC *Clear Pending Register* to clear the interrupt pending285 inserts to order memory updates before updating mask, then writes to the GIC[all …]
65 One of the goals of the Boot Interface is to allow EL3 firmware to pass73 also a memory based manifest file to pass information from EL3 to RMM. The117 utilizing this buffer during the boot phase, prior to return back to EL3 via125 to do the necessary concurrency protection to prevent the use of the same buffer172 in the system so as to present a symmetric view to the NS Host. Any further209 important to note that RMM is allowed to invoke EL3-RMM runtime interface217 EL3 and RMM must adhere to.237 is allowed to return an error code corresponding to any of the failure262 results in a world switch to NS. This call is the reply to the original RMI498 as arguments to Realm and x0-x4 to be used for return arguments back to Non Secure.[all …]
17 #define va_copy(to, from) __builtin_va_copy(to, from) argument18 #define va_arg(to, type) __builtin_va_arg(to, type) argument
8 DRAM. By default, BL31 is in the secure SRAM. Set this flag to 1 to load13 - ``ARM_CONFIG_CNTACR``: boolean option to unlock access to the ``CNTBase<N>``29 to have a Linux kernel image as BL33 by preparing the registers to these30 values before jumping to BL33. This option defaults to 0 (disabled). For46 State-ID yet. Hence this flag is used to configure whether to use the73 location of the ROTPK hash. Not expected to be a build option. This defaults to89 - ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm®103 - ``ARM_BL2_SP_LIST_DTS``: Path to DTS file snippet to override the hardcoded136 SCP_BL2U to the FIP and FWU_FIP respectively, and enables them to be loaded147 to support multi-chip operation.[all …]
17 # set to GIC400 or GIC50020 # set to CCI400 or CCN504 or CCN50823 # indicate layerscape chassis level - set to 3=LSCH3 or 2=LSCH232 # Select the DDR PHY generation to be used37 # ddr controller - set to MMDC or NXP40 # ddr phy - set to NXP or SNPS46 # Max Size of CSF header. Required to define BL2 TEXT LIMIT in soc.def47 # Input to CST create_hdr_esbc tool70 # Input to CST create_hdr_isbc tool72 # Covert to HEX to be used by create_pbl.mk[all …]
7 to use it under either license. As a contributor, you agree to allow your code8 to be used under both.31 the Software without restriction, including without limitation the rights to33 of the Software, and to permit persons to whom the Software is furnished to do34 so, subject to the following conditions:44 Urbana-Champaign, nor the names of its contributors may be used to64 copies of the Software, and to permit persons to whom the Software is65 furnished to do so, subject to the following conditions:84 to that code.87 applies to all code in the LLVM Distribution, and nothing in any of the[all …]
19 that this library needs to be refactored to cater for future enhancements and44 firmware (BL31)/context management library needs to have routines to help49 Due to the way TF-A evolved, from EL3 interacting with an S-EL1 payload to53 If EL2 needs to be skipped and is not to be used at runtime, then72 (4) **Allow more flexibility for Dispatchers to select feature set to save and restore**77 CPU features to select registers to save and restore. It also assumes that109 helpers to initialize registers corresponding to certain features but125 execution and would need to use sysregs of lower EL (eg: PAuth, pmcr) to enable169 sequence for this Root context would need to be done in170 an optimal way. The `el3_sysreg` does not need to be saved[all …]
76 that it is loaded above 32MiB in order to avoid the need to relocate136 instructions to see how to do it. This system is strongly discouraged.155 The `Linux kernel tree`_ has instructions on how to jump to the Linux kernel171 use mailboxes to trap the secondary cores until they are ready to jump to the179 address to jump to in this Mailbox (``bl31_warm_entrypoint``).233 - ``RPI3_USE_UEFI_MAP``: Set to 1 to build ATF with the altername memory235 to be able to run Windows on ARM64. This option, which is disabled by274 If OP-TEE is used it may be needed to add the following options to the281 it. In order to use TBB, you might want to set ``GENERATE_COT=1`` to let the284 able to set ROT_KEY to your own key in PEM format. Also in order to build,[all …]
5 SoCs with ARMv8 cores. Only BL31 is used to provide proper EL3 setup and35 So for instance to build for a board with the Allwinner A64 SoC::43 some build options that allow to fine-tune the firmware, or to disable support65 programming them to their respective voltages. That allows bootloader66 software like U-Boot to ignore power control via the PMIC.67 This setting defaults to 1. In some situations that enables too many68 regulators, or some regulators need to be enabled in a very specific70 can bet set to ``0`` on the build command line, to skip the PMIC setup81 to include it in the FIT image that the SPL loader will process.94 BL31 lives in SRAM A2, which is documented to be accessible from secure[all …]
7 to abstract power and system management tasks away from application9 loaded by AP BL2 from FIP in flash to SRAM for copying by SCP (SCP has access10 to AP SRAM).17 (TARGET_PLATFORM=1), TC2 (TARGET_PLATFORM=2) platforms w.r.t to TF-A30 FIP to SRAM. The SCP has access to AP SRAM. The address and size of SCP_BL231 is communicated to SCP using SDS. SCP copies SCP_BL2 from SRAM to its own33 stages including BL31 runtime stage and hands off executing to39 - Obtain `Arm toolchain`_ and set the CROSS_COMPILE environment variable to40 point to the toolchain folder.49 Enable TBBR by adding the following options to the make command:
17 # set to GIC400 or GIC50020 # set to CCI400 or CCN504 or CCN50823 # indicate layerscape chassis level - set to 3=LSCH3 or 2=LSCH232 # Select the DDR PHY generation to be used37 # ddr controller - set to MMDC or NXP40 # ddr phy - set to NXP or SNPS46 # Max Size of CSF header. Required to define BL2 TEXT LIMIT in soc.def47 # Input to CST create_hdr_esbc tool68 # BL2_HDR_LOC has to be (OCRAM_START_ADDR + OCRAM_SIZE - NXP_ROM_RSVD - CSF_HDR_SZ)70 # Input to CST create_hdr_isbc tool[all …]
Completed in 45 milliseconds