- TF-A - lists.trustedfirmware.org

ATF currently does not use proper printf format specifiers for fixed width types

by Scott Branden

Hello, ATF currently uses non-portable printf format specifiers for fixed width types defined in stdint.h In addition, ATF redefines types defined in gcc for stdint.h with its own custom types causing additional issues. This causes compilation issues when porting code to/from ATF. AND, generates coverity parse errors as int64_t and uint64_t are incorrectly defined in ATF vs. gcc for aarch64. The printf format specifiers in inttypes.h are to be used for the proper format specifiers. And, uint64_t/int64_t should be defined the same as in gcc. I tried fixing up all the instances of int64 printf format specifiers by introducing inttypes.h and redefined the stdint types correctly here: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5437 We have checked the change into our local tree so that everything compiles and runs in our system. Please accept change upstream. Regards, Scott

5 years, 1 month

1
0
0 0

Re: [TF-A] ATF LTS version

by François Ozog

On Thu, 11 Jun 2020 at 23:42, Varun Wadekar via TF-A < tf-a(a)lists.trustedfirmware.org> wrote: > Hello Matteo, > > Apologies for still using an outdated term. I have trained myself to get > used to "TF-A" - looks like I am still not there. > > >> The idea has also been just raised to the Trusted Firmware project > Board for initial consideration and we will be all very keen to understand > how much interest there is from the wider TF-A community of adopters and > external (non-Arm) maintainers > > That is good to hear. For the exact scope, I think we can assume the usual > expectations from any LTS software stack - stability, performance, > security, bug fixes along with maintenance support. We are open to > discussing the cadence and any other operational commitments. > > @Francois, from the description of Trusted Substrate looks like you also > expect the sub-projects to provide LTS versions for the project as a whole > to succeed (?) > > Yes. I assume relevant tf.org projects decide to branch LTSes so that we can extend the scope to selected OP-TEE TAs for the Trusted Substrate LTS and may be extend duration of support for the tf.org LTSes. (just to make sure: this is just early open thinking to understand what it would mean to build such a service on the Linaro side should there be tf.org LTSes). -Varun > > > -----Original Message----- > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Matteo > Carlini via TF-A > Sent: Thursday, June 11, 2020 4:25 AM > To: tf-a(a)lists.trustedfirmware.org > Subject: Re: [TF-A] ATF LTS version > > External email: Use caution opening links or attachments > > > Hi Francois, > > > I'd be happy to know more about what you see as TFA LTS: exact scope, > number of versions, duration, operational commitments (zero-day...). > > Do you have other firmware LTS needs? > > Agree. That’s precisely what I was hinting to Varun, when mentioning > concrete requirements for the LTS scheme. > > > Trusted Substrate is the aggregation of { TFA, OP-TEE, some TEE apps > such as firmwareTPM, U-Boot }. > > Trusted Substrate effort is led by Linaro members and is going to be set > up as a more open project. > > First time I heard about it. Good to know, but I guess we'll need to > discuss the intersection and collaboration with the Trusted Firmware > project at some point. > Having a LTS versioning scheme for the Trusted Firmware hosted projects > should be theoretically either in the scope of the Project itself or, if > the Board agrees, appointed to some other project/entity. > > > Our end goal is to enable unified, transactional, robust (anti-bricking, > anti rollback) UEFI OTA on both U-Boot and EDK2. > > Fair, but IMHO this has little to do with Arm Secure world software LTS > releases (TF-A/Hafnium/OP-TEE/TAs, TF-M)...probably best to discuss aside, > this is not in scope of what Varun is raising. > > Thanks > Matteo > > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog(a)linaro.org | Skype: ffozog

5 years, 1 month

2
2
0 0

Test message please ignore

by Bill Fletcher

.

5 years, 1 month

1
0
0 0

TF-A Tech Forum Agenda @ Thr 10th September 2020 16:00-1700 BST

by Joanna Farley

Hi All, The next TF-A Tech Forum is scheduled for Thu 10th September 2020 16:00 – 17:00 (BST). A reoccurring meeting invite has been sent out to the subscribers of this TF-A mailing list. If you don’t have this please let me know. Agenda: * Proposal for a LTS (Long Term Support) Release Option for TF-A * Presented by Varun Wadekar * Long-term support is a lifecycle management policy in which a stable release is maintained for a period of time * Optional TF-A Mailing List Topic Discussions If TF-A contributors have anything they wish to present at any future TF-A tech forum please contact me to have that scheduled. Previous sessions, both recording and presentation material can be found on the trustedfirmware.org TF-A Technical meeting webpage: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ A scheduling tracking page is also available to help track sessions suggested and being prepared: https://developer.trustedfirmware.org/w/tf_a/tf-a-tech-forum-scheduling/ Final decisions on what will be presented will be shared a few days before the next meeting and shared on the TF-A mailing list. Thanks Joanna

5 years, 1 month

1
0
0 0

Re: [TF-A] GCC compiler option to support "xpaci" instruction

by Olivier Deprez

Hi again, After further check, it looks gcc 9.2 already supports the appropriate option. Maybe you missed ARM_ARCH_MINOR on the build command line depending on whether you need PAuth (Armv8.3) and/or BTI (Armv8.5). BRANCH_PROTECTION=2 or 3 => need ARM_ARCH_MINOR=3 (at least) BRANCH_PROTECTION=1 or 4 => need ARM_ARCH_MINOR=5 Regards, Olivier. ________________________________________ From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Olivier Deprez via TF-A <tf-a(a)lists.trustedfirmware.org> Sent: 03 September 2020 09:47 To: Kalyani Chidambaram Vaidyanathan; tf-a(a)lists.trustedfirmware.org; Varun Wadekar Subject: Re: [TF-A] GCC compiler option to support "xpaci" instruction Hi Kalyani, According to https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/build-op… you need a compiler supporting the -mbranch-protection option. This seems to be the case from gcc 9.3 onwards: https://gcc.gnu.org/onlinedocs/gcc-9.3.0/gcc/AArch64-Options.html#AArch64-O… Notice a GCC10.2 cross-compiler release is planned by end of this year according to this page: https://community.arm.com/developer/tools-software/tools/b/tools-software-i… Regards, Olivier. ________________________________________ From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a(a)lists.trustedfirmware.org> Sent: 03 September 2020 04:08 To: Kalyani Chidambaram Vaidyanathan; tf-a(a)lists.trustedfirmware.org Subject: Re: [TF-A] GCC compiler option to support "xpaci" instruction <Dummy response to get the email through to the mailing list> From: Kalyani Chidambaram Vaidyanathan <kalyanic(a)nvidia.com> Sent: Wednesday, September 2, 2020 3:43 PM To: tf-a(a)lists.trustedfirmware.org Cc: Varun Wadekar <vwadekar(a)nvidia.com> Subject: GCC compiler option to support "xpaci" instruction Hi, We are using gcc-arm-9.2 toolchain and see that this is not supporting the “xpaci” instruction. Is there any compiler flag that has to be included to support this? Reference code that uses “xpaci” when PAUTH is enabled - https://github.com/ARM-software/arm-trusted-firmware/blob/master/bl31/aarch… Thanks, Kalyani -- TF-A mailing list TF-A(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a

5 years, 2 months

1
0
0 0

Re: [TF-A] GCC compiler option to support "xpaci" instruction

by Olivier Deprez

Hi Kalyani, According to https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/build-op… you need a compiler supporting the -mbranch-protection option. This seems to be the case from gcc 9.3 onwards: https://gcc.gnu.org/onlinedocs/gcc-9.3.0/gcc/AArch64-Options.html#AArch64-O… Notice a GCC10.2 cross-compiler release is planned by end of this year according to this page: https://community.arm.com/developer/tools-software/tools/b/tools-software-i… Regards, Olivier. ________________________________________ From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a(a)lists.trustedfirmware.org> Sent: 03 September 2020 04:08 To: Kalyani Chidambaram Vaidyanathan; tf-a(a)lists.trustedfirmware.org Subject: Re: [TF-A] GCC compiler option to support "xpaci" instruction <Dummy response to get the email through to the mailing list> From: Kalyani Chidambaram Vaidyanathan <kalyanic(a)nvidia.com> Sent: Wednesday, September 2, 2020 3:43 PM To: tf-a(a)lists.trustedfirmware.org Cc: Varun Wadekar <vwadekar(a)nvidia.com> Subject: GCC compiler option to support "xpaci" instruction Hi, We are using gcc-arm-9.2 toolchain and see that this is not supporting the “xpaci” instruction. Is there any compiler flag that has to be included to support this? Reference code that uses “xpaci” when PAUTH is enabled - https://github.com/ARM-software/arm-trusted-firmware/blob/master/bl31/aarch… Thanks, Kalyani

5 years, 2 months

1
0
0 0

Re: [TF-A] GCC compiler option to support "xpaci" instruction

by Varun Wadekar

<Dummy response to get the email through to the mailing list> From: Kalyani Chidambaram Vaidyanathan <kalyanic(a)nvidia.com> Sent: Wednesday, September 2, 2020 3:43 PM To: tf-a(a)lists.trustedfirmware.org Cc: Varun Wadekar <vwadekar(a)nvidia.com> Subject: GCC compiler option to support "xpaci" instruction Hi, We are using gcc-arm-9.2 toolchain and see that this is not supporting the "xpaci" instruction. Is there any compiler flag that has to be included to support this? Reference code that uses "xpaci" when PAUTH is enabled - https://github.com/ARM-software/arm-trusted-firmware/blob/master/bl31/aarch… Thanks, Kalyani

5 years, 2 months

1
0
0 0

List of issues with Cactus as SPMC on pre-8.4 CPUs

by Varun Wadekar

Hi @Olivier<mailto:Olivier.Deprez@arm.com>, We have been trying to use Cactus as SPMC on Tegra194 (pre 8.4) platforms and have faced the following issues. 1. Cactus_main.c - During cold boot, Cactus checks if the ffa-id for the instance of Cactus == SPM_VM_ID_FIRST. It issues FFA_ID_GET SMC to TF-A which returns the spmc_id in return. But on pre-8.4 platforms the value does not match SPM_VM_ID_FIRST and so the system assumes that the device is running on a post-8.4 CPU. The problem is that TF-A returns the spmc_id for this SMC, which seems incorrect. I don't understand why Cactus needs to know its own VM_ID on pre-8.4 CPUs. Can we assume that only one SPMC can run on pre-8.4? 2. Cactus_ffa_tests.c - The ` ffa_partition_info_get_test` incorrectly queries the partition info for secondary and tertiary VMs on pre-8.4 CPUs. 3. In general the boot tests that execute within Cactus seem incorrect to me. Some tests expect the presence of a non-secure world payload, which is not available at this point in the boot. This leads to numerous crashes and asserts during boot. 4. Cactus incorrectly uses a hard-coded address 0x7300000 as the RX/TX memory base. It should be using a platform defined value instead. We do not support this memory address on Tegra194. 5. The debug UART in Cactus needs rework too. Right now, it only supports PL011 as the UART driver. 6. TF-A SPMD forwards some SMCs to the non-secure world without checking if a non-secure world payload exists. This causes crashes during cold boot. Please let me know if you have commits for any or all of these issues. We have some WIP commits that we can push to gerrit for review, if required. Thoughts? -Varun

5 years, 2 months

2
2
0 0

question about tf-a spec

by chen feng

Hello arm expects, While reading the tf-a spec about the section "3.5.1 Register state". It described that "The MMU must be disabled for a partition that does not run in S-EL0". Does this mean that the S-EL1 SP need to create their own page table and enable the MMU itself. I wonder in this way, it is not very friendly to a SP developer. Since the SP can be a verify simple binary, maybe a single driver which can benefited from the isolation from other partitions. So in the pointer of developing a single driver. I think it do not need to care about the MMU configuration. It will be more friendly to be as easy as developing a user-land binary. The SPMC(SEL2) can do this configure for the SEL1's page-tables and enable MMU for SEL1 before jump into the SP. So I want to discuss here to understand the meaning behind it. Cheers, Feng

5 years, 2 months

3
8
0 0

Re: [TF-A] [query] sbsa level 3 spec: non secure watchdog WS1 handling at EL3

by Sandeep Tripathy

Hi Dan, On Thu, Aug 27, 2020 at 8:31 PM Dan Handley via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: > > Hi Sandeep > > > > Arm development platforms that have an SBSA secure watchdog like N1SDP do not register an interrupt handler for the WS0 signal. They simply wait for the WS1 signal, which is fed to a higher agent (in this case the System Control Processor), which resets the platform. > There is no explicit watchdog interrupt handling functionality in TF-A. > what happens to non secure sbsa WS1 ? That is the case for Secure sbsa WS1. NS WS0 ----> EL1 X (optional) but linux already implements it . NS WS1 ----> EL3 X TF-A Do not handle it. Hence the patch. Not handling it altogether is not an option I guess. S WS0 -------> EL3 X (optional) . Platform might want to log this condition. S WS1 ----------------------------------------> handled by a higher agent. > > > If your platform does not have a higher agent that handles WS1 then I guess you could add a handler in TF-A as you suggest in your code snippet, though I'm not sure if the maintainers would want this in generic SBSA code. Also, I don't see why you need both callback(s) and the explicit call to psci_systrem_reset2(), when presumably the callback(s) would do the latter. > Platform callback can optionally do more things like some logging. Ultimately 'system_reset2' seems to be the thing everyone would like to do as part of action. Then to reduce duplicate code we can have at one place. > > > > Q1- What happens if core is stuck and interrupts are not taken. > > It's rare for EL3 interrupts not to be taken when the core is stuck, unless an EL3 exception handler itself is stuck, in which case I'm not sure there's much you can do. That's why it's good to have a higher agent. > The rare lockup of core where it's not able to respond (not the software ones) requires some other agent to detect and reset/recover the system. Linux watchdog (ns sbsa WS1) will go unnoticed in such cases. ie. even if the watchdog hardware detected the lockup and indicated by WS0 then WS1 .. both were not acted upon. If it were the secure watchdog then no issues. > > > > Or it has to be registered as a RAS priority exception. > > I don't think that would help, unless the system was flooded with higher priority exceptions that prevented the watchdog handler from running. > > > > Regards > > > Dan. > > > > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Sandeep Tripathy via TF-A > Sent: 27 August 2020 12:14 > To: tf-a(a)lists.trustedfirmware.org > Subject: [TF-A] [query] sbsa level 3 spec: non secure watchdog WS1 handling at EL3 > > > > Hi, > > Based on sbsa spec for level-3 firmware specification watchdog signals NS WS1 and S WS0 to be handled at EL3 firmware. > > I have some query on how TF-A plans to implement this. > > > > Ref: Excerpt DEN0029D_SBSA_6.0 https://developer.arm.com/documentation/den0029/d/?lang=en > > 3.2.3 Watchdogs The required behavior of watchdog signal 1 of the Non-secure watchdog is modified in level 3– firmware and is required to be routed as an SPI to the GIC. It is expected that this SPI be configured as an EL3 interrupt, directly targeting a single PE. A system compatible with level 3- firmware must implement a second watchdog, and is referred to as the Secure watchdog. It must have both its register frames mapped in the Secure memory address space and must not be aliased to the Non-secure address space. Watchdog Signal 0 of the Secure watchdog must be routed as an SPI to the GIC and it is expected this will be configured as an EL3 interrupt, directly targeting a single PE. > > > > Q1- What happens if core is stuck and interrupts are not taken. Non-secure watchdog will expire and ultimately results in a WS1 which is also not taken as the core is not responding. > > If WS1 were to another subsystem (eg: SCP) then it would take action. > > In current scheme is it the secure sbsa wdg expected to detect such hang ? > > > > Q2- How to handle sbsa watchdog interrupt at EL3. Please suggest if I should make a patch in following approach to start with. Or it has to be registered as a RAS priority exception. > > > > diff --git a/drivers/arm/sbsa/sbsa.c b/drivers/arm/sbsa/sbsa.c > > index 79c6f26..9683ef8 100644 > > --- a/drivers/arm/sbsa/sbsa.c > > +++ b/drivers/arm/sbsa/sbsa.c > > @@ -40,3 +40,26 @@ > > + > > +#define weak plat_sbsa_nt_wdog_ws1_handle > > +#define weak plat_sbsa_t_wdog_ws0_handle > > +void sbsa_wdog_handler(int id) > > +{ > > + if (id == SBSA_NT_WDG_WS1_INT) { > > + /* PUBLISH_EVENT */ > > + plat_sbsa_nt_wdog_ws1_handle(); > > + } else if (id == SBSA_T_WDG_WS0_INT) { > > + /* PUBLISH_EVENT */ > > + plat_sbsa_t_wdog_ws0_handle(); > > + } > > + /* EOI and reset , log what else */ > > + psci_systrem_reset2(); > > +} > > + > > +void sbsa_wdog_hander_init(void) > > +{ > > +#if EXCEPTION_HANDLING_FRAMEWORK > > + ehf_register_priority_handler(SBSA_WDG_PRI, sbsa_wdog_handler); > > +#endif > > +} > > > > Thanks > > Sandeep > > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a Thanks Sandeep

5 years, 2 months

2
1
0 0

Re: [TF-A] [query] sbsa level 3 spec: non secure watchdog WS1 handling at EL3

by Dan Handley

Hi Sandeep Arm development platforms that have an SBSA secure watchdog like N1SDP do not register an interrupt handler for the WS0 signal. They simply wait for the WS1 signal, which is fed to a higher agent (in this case the System Control Processor), which resets the platform. There is no explicit watchdog interrupt handling functionality in TF-A. If your platform does not have a higher agent that handles WS1 then I guess you could add a handler in TF-A as you suggest in your code snippet, though I'm not sure if the maintainers would want this in generic SBSA code. Also, I don't see why you need both callback(s) and the explicit call to psci_systrem_reset2(), when presumably the callback(s) would do the latter. > Q1- What happens if core is stuck and interrupts are not taken. It's rare for EL3 interrupts not to be taken when the core is stuck, unless an EL3 exception handler itself is stuck, in which case I'm not sure there's much you can do. That's why it's good to have a higher agent. > Or it has to be registered as a RAS priority exception. I don't think that would help, unless the system was flooded with higher priority exceptions that prevented the watchdog handler from running. Regards Dan. From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Sandeep Tripathy via TF-A Sent: 27 August 2020 12:14 To: tf-a(a)lists.trustedfirmware.org Subject: [TF-A] [query] sbsa level 3 spec: non secure watchdog WS1 handling at EL3 Hi, Based on sbsa spec for level-3 firmware specification watchdog signals NS WS1 and S WS0 to be handled at EL3 firmware. I have some query on how TF-A plans to implement this. Ref: Excerpt DEN0029D_SBSA_6.0 https://developer.arm.com/documentation/den0029/d/?lang=en 3.2.3 Watchdogs The required behavior of watchdog signal 1 of the Non-secure watchdog is modified in level 3– firmware and is required to be routed as an SPI to the GIC. It is expected that this SPI be configured as an EL3 interrupt, directly targeting a single PE. A system compatible with level 3- firmware must implement a second watchdog, and is referred to as the Secure watchdog. It must have both its register frames mapped in the Secure memory address space and must not be aliased to the Non-secure address space. Watchdog Signal 0 of the Secure watchdog must be routed as an SPI to the GIC and it is expected this will be configured as an EL3 interrupt, directly targeting a single PE. Q1- What happens if core is stuck and interrupts are not taken. Non-secure watchdog will expire and ultimately results in a WS1 which is also not taken as the core is not responding. If WS1 were to another subsystem (eg: SCP) then it would take action. In current scheme is it the secure sbsa wdg expected to detect such hang ? Q2- How to handle sbsa watchdog interrupt at EL3. Please suggest if I should make a patch in following approach to start with. Or it has to be registered as a RAS priority exception. diff --git a/drivers/arm/sbsa/sbsa.c b/drivers/arm/sbsa/sbsa.c index 79c6f26..9683ef8 100644 --- a/drivers/arm/sbsa/sbsa.c +++ b/drivers/arm/sbsa/sbsa.c @@ -40,3 +40,26 @@ + +#define weak plat_sbsa_nt_wdog_ws1_handle +#define weak plat_sbsa_t_wdog_ws0_handle +void sbsa_wdog_handler(int id) +{ + if (id == SBSA_NT_WDG_WS1_INT) { + /* PUBLISH_EVENT */ + plat_sbsa_nt_wdog_ws1_handle(); + } else if (id == SBSA_T_WDG_WS0_INT) { + /* PUBLISH_EVENT */ + plat_sbsa_t_wdog_ws0_handle(); + } + /* EOI and reset , log what else */ + psci_systrem_reset2(); +} + +void sbsa_wdog_hander_init(void) +{ +#if EXCEPTION_HANDLING_FRAMEWORK + ehf_register_priority_handler(SBSA_WDG_PRI, sbsa_wdog_handler); +#endif +} Thanks Sandeep

5 years, 2 months

1
0
0 0

[query] sbsa level 3 spec: non secure watchdog WS1 handling at EL3

by Sandeep Tripathy

Hi, Based on sbsa spec for level-3 firmware specification watchdog signals NS WS1 and S WS0 to be handled at EL3 firmware. I have some query on how TF-A plans to implement this. Ref: Excerpt DEN0029D_SBSA_6.0 https://developer.arm.com/documentation/den0029/d/?lang=en 3.2.3 Watchdogs The required behavior of watchdog signal 1 of the Non-secure watchdog is modified in level 3– firmware and is required to be routed as an SPI to the GIC. It is expected that this SPI be configured as an EL3 interrupt, directly targeting a single PE. A system compatible with level 3- firmware must implement a second watchdog, and is referred to as the Secure watchdog. It must have both its register frames mapped in the Secure memory address space and must not be aliased to the Non-secure address space. Watchdog Signal 0 of the Secure watchdog must be routed as an SPI to the GIC and it is expected this will be configured as an EL3 interrupt, directly targeting a single PE. Q1- What happens if core is stuck and interrupts are not taken. Non-secure watchdog will expire and ultimately results in a WS1 which is also not taken as the core is not responding. If WS1 were to another subsystem (eg: SCP) then it would take action. In current scheme is it the secure sbsa wdg expected to detect such hang ? Q2- How to handle sbsa watchdog interrupt at EL3. Please suggest if I should make a patch in following approach to start with. Or it has to be registered as a RAS priority exception. diff --git a/drivers/arm/sbsa/sbsa.c b/drivers/arm/sbsa/sbsa.c index 79c6f26..9683ef8 100644 --- a/drivers/arm/sbsa/sbsa.c +++ b/drivers/arm/sbsa/sbsa.c @@ -40,3 +40,26 @@ + +#define weak plat_sbsa_nt_wdog_ws1_handle +#define weak plat_sbsa_t_wdog_ws0_handle +void sbsa_wdog_handler(int id) +{ + if (id == SBSA_NT_WDG_WS1_INT) { + /* PUBLISH_EVENT */ + plat_sbsa_nt_wdog_ws1_handle(); + } else if (id == SBSA_T_WDG_WS0_INT) { + /* PUBLISH_EVENT */ + plat_sbsa_t_wdog_ws0_handle(); + } + /* EOI and reset , log what else */ + psci_systrem_reset2(); +} + +void sbsa_wdog_hander_init(void) +{ +#if EXCEPTION_HANDLING_FRAMEWORK + ehf_register_priority_handler(SBSA_WDG_PRI, sbsa_wdog_handler); +#endif +} Thanks Sandeep

5 years, 2 months

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 2 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 361485: Integer handling issues (SIGN_EXTENSION) /plat/qti/common/src/spmi_arb.c: 54 in wait_for_done() ________________________________________________________________________________________________________ *** CID 361485: Integer handling issues (SIGN_EXTENSION) /plat/qti/common/src/spmi_arb.c: 54 in wait_for_done() 48 49 static int wait_for_done(uint16_t apid) 50 { 51 unsigned int timeout = 100; 52 53 while (timeout-- != 0U) { >>> CID 361485: Integer handling issues (SIGN_EXTENSION) >>> Suspicious implicit sign extension: "apid" with type "uint16_t" (16 bits, unsigned) is promoted in "207618056 + 65536 * apid" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "207618056 + 65536 * apid" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. 54 uint32_t status = mmio_read_32(REG_ARB_STATUS(apid)); 55 if ((status & ARB_STATUS_DONE) != 0U) { 56 if ((status & ARB_STATUS_FAILURE) != 0U || 57 (status & ARB_STATUS_DENIED) != 0U || 58 (status & ARB_STATUS_DROPPED) != 0U) { 59 return status & 0xff; ** CID 361484: Integer handling issues (SIGN_EXTENSION) /plat/qti/common/src/spmi_arb.c: 72 in arb_command() ________________________________________________________________________________________________________ *** CID 361484: Integer handling issues (SIGN_EXTENSION) /plat/qti/common/src/spmi_arb.c: 72 in arb_command() 66 return ARB_FAKE_STATUS_TIMEOUT; 67 } 68 69 static void arb_command(uint16_t apid, uint8_t opcode, uint32_t addr, 70 uint8_t bytes) 71 { >>> CID 361484: Integer handling issues (SIGN_EXTENSION) >>> Suspicious implicit sign extension: "apid" with type "uint16_t" (16 bits, unsigned) is promoted in "207618048 + 65536 * apid" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "207618048 + 65536 * apid" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. 72 mmio_write_32(REG_ARB_CMD(apid), (uint32_t)opcode << 27 | 73 (addr & 0xff) << 4 | (bytes - 1)); 74 } 75 76 int spmi_arb_read8(uint32_t addr) 77 { ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

5 years, 2 months

1
0
0 0

Re: [TF-A] TF-A Gerrit access permissions currently broken.

by Joanna Farley

Things should be back to normal. Joanna From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Joanna Farley via TF-A <tf-a(a)lists.trustedfirmware.org> Reply to: Joanna Farley <Joanna.Farley(a)arm.com> Date: Wednesday, 26 August 2020 at 12:51 To: "tf-a(a)lists.trustedfirmware.org" <tf-a(a)lists.trustedfirmware.org> Subject: [TF-A] TF-A Gerrit access permissions currently broken. Just to inform project contributors that people may find their gerrit access rights may be broken at this time. I have raised a support request with the trustedfirmware.org support team. Joanna

5 years, 2 months

1
0
0 0

TF-A Gerrit access permissions currently broken.

by Joanna Farley

Just to inform project contributors that people may find their gerrit access rights may be broken at this time. I have raised a support request with the trustedfirmware.org support team. Joanna

5 years, 2 months

1
0
0 0

TF-A Tech Forum Agenda @ Thr 27th August 2020 16:00-1700 BST

by Joanna Farley

Hi All, The next TF-A Tech Forum is scheduled for Thu 27th August 2020 16:00 – 17:00 (BST). A reoccurring meeting invite has been sent out to the subscribers of this TF-A mailing list. If you don’t have this please let me know. Agenda: * TF-A Errata Process – Presented by Bipin Ravi * Bug Review Committee (BRC) & Categorization of Errata * Software Developers Errata Notice (SDEN) & Product Errata Notice (PEN) * What TF-A Implements * How TF-A Implements * Testing If TF-A contributors have anything they wish to present at any future TF-A tech forum please contact me to have that scheduled. Previous sessions, both recording and presentation material can be found on the trustedfirmware.org TF-A Technical meeting webpage: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ A scheduling tracking page is also available to help track sessions suggested and being prepared: https://developer.trustedfirmware.org/w/tf_a/tf-a-tech-forum-scheduling/ Final decisions on what will be presented will be shared a few days before the next meeting and shared on the TF-A mailing list. Thanks Joanna

5 years, 2 months

1
0
0 0

Re: [TF-A] [RFC] Api to power down all cores

by Varun Wadekar

<Cc alias> -----Original Message----- From: Sandeep Tripathy <sandeep.tripathy(a)broadcom.com> Sent: Tuesday, August 25, 2020 8:59 AM To: Varun Wadekar <vwadekar(a)nvidia.com>; Soby Mathew <Soby.Mathew(a)arm.com> Subject: RE: [TF-A] [RFC] Api to power down all cores Thanks, I will use callback as param to get rid of the 'plat*'. 'void psci_stop_other_cores(void (*stop_func)(uregister_t mpidr))' Platform can call like .. psci_stop_other_cores(ipi_send_stop); I will update the patch tomorrow. This api is not invoked by psci generic functions. So I think that should suffice your concern. Anyways I will take care any other suggestions. IPI implementation is under flag 'IPI_SUPPORT'. https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5323/ Thanks Sandeep > -----Original Message----- > From: Varun Wadekar [mailto:vwadekar@nvidia.com] > Sent: Tuesday, August 25, 2020 9:11 AM > To: Soby Mathew; Sandeep Tripathy > Subject: RE: [TF-A] [RFC] Api to power down all cores > > Hi, > > In addition to the suggestions already posted, we should provide a > build flag or dynamic knob to allow platforms to disable this feature. > > -Varun > > -----Original Message----- > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Soby > Mathew via TF-A > Sent: Friday, August 21, 2020 3:57 AM > To: Sandeep Tripathy <sandeep.tripathy(a)broadcom.com> > Cc: tf-a(a)lists.trustedfirmware.org > Subject: Re: [TF-A] [RFC] Api to power down all cores > > External email: Use caution opening links or attachments > > > Hi Sandeep, > Thanks for the clarification. I too think this has general utility and > since you need access to internal PSCI data to perform the > functionality , exporting a utility function from PSCI for platforms > to invoke seems the right thing to do. > The small concern I have is using the `plat_*` namespace as this is a > utility function invoked by the platform and another porting layer > beneath it seems out of place. > > I would suggest to add a parameter to stop_other_cores(), this could > be either the IPI number or a callback function to trigger the IPI. > This allows to provide the platform specific details without `plat_*` > API. > > Best Regards > Soby Mathew > > > -----Original Message----- > > From: Sandeep Tripathy <sandeep.tripathy(a)broadcom.com> > > Sent: 21 August 2020 07:17 > > To: Soby Mathew <Soby.Mathew(a)arm.com> > > Cc: tf-a(a)lists.trustedfirmware.org > > Subject: RE: [TF-A] [RFC] Api to power down all cores > > > > Hi Soby, > > I realize using term 'PSCI API' in rfc tag is misleading like Achin > > mentioned in gerrit. > > > > Here I wanted to have a generic API to 'stop_other_cores' in > > secure world. > > The usage is platform firmware specific. > > Implementation of 'stop_other_cores' depends on a generic 'IPI' > > support > (1). > > It leverages the existing EHF. So I feel it is not adding and > > complexity or overhead in normal execution path. > > > > 'stop_other_cores' API implementation depends on some psci private > > functions to traverse the pd nodes and extract MPIDRs for target pe > > list. That was the reason to put the function within psci lib. So > > there are > two things. > > 1- Does this idea of 'stop_other_core' api qualify to be generic > > 2- Does a generic IPI layer make sense > > > > Thanks > > Sandeep > > > -----Original Message----- > > > From: Soby Mathew [mailto:Soby.Mathew@arm.com] > > > Sent: Thursday, August 20, 2020 8:54 PM > > > To: Sandeep Tripathy > > > Cc: tf-a(a)lists.trustedfirmware.org > > > Subject: RE: [TF-A] [RFC] psci: api to power down all cores > > > > > > Hi Sandeep, > > > Just to understand better, if there is a secure side > > > panic/watchdog interrupt, then the secure side is already able to > > > do such an intervention without the availability of a PSCI API to the NS side. > > > > > > In case the NS world has crashed, then PSCI_SYSTEM_RESET and > > > PSCI_SYSTEM_OFF APIs can be invoked which then does the > > > appropriate actions. From my reading, the PSCI specification > > > doesn't prevent firmware implementation of the reset and off API's > > > from doing the kind of implementation as per your proposal. > > > > I intend to do 'stop_other_cores' in platform extension of > > 'plat_system_resetx()', secure side watchdog expiry/ > > plat_panic_handler(). > > > > > > > > Best Regards > > > Soby Mathew > > > > > > > -----Original Message----- > > > > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of > > > Sandeep > > > > Tripathy via TF-A > > > > Sent: 19 August 2020 16:42 > > > > To: tf-a(a)lists.trustedfirmware.org > > > > Subject: [TF-A] [RFC] psci: api to power down all cores > > > > > > > > Hi, > > > > I am proposing to have a generic api in psci lib which can be > > > > used to > > > force > > > > power down all other cores from any initiating core analogous to > > > > 'smp_cpu_stop' in linux. It is immune to interrupt lock by > > > > EL1/EL2 software. > > > > > > > > Platforms may use this api in case of secure side panic, secure > > > > watchdog interrupt handling or if required in certain types of > > > > warm resets. The usage > > > is > > > > platform dependent. > > > > > > > > This depends on a generic implementation of secure IPI (1) which > > > > uses EHF > > > to > > > > handle IPI at platform defined priority. We probably require > > > > more types of secure IPIs. > > > > > > > > Please review the series > > > > Ref: > > > > https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5 > > > > 32 > > > > 4 > > > > > > > > diff --git a/lib/psci/psci_system_off.c > > > > b/lib/psci/psci_system_off.c index > > > > 141d69e..011aaa6 100644 > > > > --- a/lib/psci/psci_system_off.c > > > > +++ b/lib/psci/psci_system_off.c > > > > @@ -10,10 +10,44 @@ > > > > #include <arch_helpers.h> > > > > #include <common/debug.h> > > > > #include <drivers/console.h> > > > > +#include <drivers/delay_timer.h> > > > > #include <plat/common/platform.h> > > > > > > > > #include "psci_private.h" > > > > > > > > +#ifndef PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS #define > > > > +PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS 1000 #endif > > > > + > > > > +#if IMAGE_BL31 > > > > +void psci_stop_other_cores(void) { #define > > > > +PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS 1000 #endif > > > > + > > > > +#if IMAGE_BL31 > > > > +void psci_stop_other_cores(void) { > > > > + int idx, this_cpu_idx, cnt; > > > > + > > > > + this_cpu_idx = plat_my_core_pos(); > > > > + > > > > + /* Raise G0 IPI cpustop to all cores but self */ > > > > + for (idx = 0; idx < psci_plat_core_count; idx++) { > > > > + if ((idx != this_cpu_idx) && > > > > + (psci_get_aff_info_state_by_idx(idx) == > > > > AFF_STATE_ON)) { > > > > + > > > > plat_ipi_send_cpu_stop(psci_cpu_pd_nodes[idx].mpidr); > > > > + } > > > > + } > > > > + > > > > + /* Wait for others cores to shutdown */ > > > > + for (cnt = 0; cnt < PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS; > > > > + cnt++) > > > { > > > > + if (psci_is_last_on_cpu()) > > > > + break; > > > > + mdelay(1); > > > > + } > > > > + > > > > + if (!psci_is_last_on_cpu()) { > > > > + WARN("Failed to stop all cores!\n"); > > > > + psci_print_power_domain_map(); > > > > + } > > > > +} > > > > +#endif > > > > + > > > > > > > > (1) > > > > RFC: ipi: add ipi feature > > > > Ref: > > > > https://review.trustedfirmware.org/c/TF-A/trusted-firmware- > > > a/+/5323/1 > > > > > > > > Thanks > > > > Sandeep > > > > -- > > > > TF-A mailing list > > > > TF-A(a)lists.trustedfirmware.org > > > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a

5 years, 2 months

1
0
0 0

[Request for review] Downstream patches from Tegra repos

by Varun Wadekar

Hello team, Requesting reviews for the latest patches [1] form our internal repos for Tegra platforms. I have updated the verification steps for each patch in the comments to help answer some questions. Thanks in advance. -Varun [1] https://review.trustedfirmware.org/q/topic:%22tegra-downstream-08252020%22+…

5 years, 2 months

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 361456: Memory - illegal accesses (NEGATIVE_RETURNS) /services/std_svc/spmd/spmd_main.c: 49 in spmd_get_context_by_mpidr() ________________________________________________________________________________________________________ *** CID 361456: Memory - illegal accesses (NEGATIVE_RETURNS) /services/std_svc/spmd/spmd_main.c: 49 in spmd_get_context_by_mpidr() 43 44 /******************************************************************************* 45 * SPM Core context on CPU based on mpidr. 46 ******************************************************************************/ 47 spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr) 48 { >>> CID 361456: Memory - illegal accesses (NEGATIVE_RETURNS) >>> Using variable "plat_core_pos_by_mpidr(mpidr)" as an index to array "spm_core_context". 49 return &spm_core_context[plat_core_pos_by_mpidr(mpidr)]; 50 } 51 52 /******************************************************************************* 53 * SPM Core context on current CPU get helper. 54 ******************************************************************************/ ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

5 years, 2 months

1
0
0 0

Re: [TF-A] [RFC] Api to power down all cores

by Sandeep Tripathy

Hi Soby, I realize using term 'PSCI API' in rfc tag is misleading like Achin mentioned in gerrit. Here I wanted to have a generic API to 'stop_other_cores' in secure world. The usage is platform firmware specific. Implementation of 'stop_other_cores' depends on a generic 'IPI' support (1). It leverages the existing EHF. So I feel it is not adding and complexity or overhead in normal execution path. 'stop_other_cores' API implementation depends on some psci private functions to traverse the pd nodes and extract MPIDRs for target pe list. That was the reason to put the function within psci lib. So there are two things. 1- Does this idea of 'stop_other_core' api qualify to be generic 2- Does a generic IPI layer make sense Thanks Sandeep > -----Original Message----- > From: Soby Mathew [mailto:Soby.Mathew@arm.com] > Sent: Thursday, August 20, 2020 8:54 PM > To: Sandeep Tripathy > Cc: tf-a(a)lists.trustedfirmware.org > Subject: RE: [TF-A] [RFC] psci: api to power down all cores > > Hi Sandeep, > Just to understand better, if there is a secure side panic/watchdog > interrupt, > then the secure side is already able to do such an intervention without > the > availability of a PSCI API to the NS side. > > In case the NS world has crashed, then PSCI_SYSTEM_RESET and > PSCI_SYSTEM_OFF APIs can be invoked which then does the appropriate > actions. From my reading, the PSCI specification doesn't prevent firmware > implementation of the reset and off API's from doing the kind of > implementation as per your proposal. I intend to do 'stop_other_cores' in platform extension of 'plat_system_resetx()', secure side watchdog expiry/ plat_panic_handler(). > > Best Regards > Soby Mathew > > > -----Original Message----- > > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of > Sandeep > > Tripathy via TF-A > > Sent: 19 August 2020 16:42 > > To: tf-a(a)lists.trustedfirmware.org > > Subject: [TF-A] [RFC] psci: api to power down all cores > > > > Hi, > > I am proposing to have a generic api in psci lib which can be used to > force > > power down all other cores from any initiating core analogous to > > 'smp_cpu_stop' in linux. It is immune to interrupt lock by EL1/EL2 > > software. > > > > Platforms may use this api in case of secure side panic, secure watchdog > > interrupt handling or if required in certain types of warm resets. The > > usage > is > > platform dependent. > > > > This depends on a generic implementation of secure IPI (1) which uses > > EHF > to > > handle IPI at platform defined priority. We probably require more types > > of > > secure IPIs. > > > > Please review the series > > Ref: > > https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5324 > > > > diff --git a/lib/psci/psci_system_off.c b/lib/psci/psci_system_off.c > > index > > 141d69e..011aaa6 100644 > > --- a/lib/psci/psci_system_off.c > > +++ b/lib/psci/psci_system_off.c > > @@ -10,10 +10,44 @@ > > #include <arch_helpers.h> > > #include <common/debug.h> > > #include <drivers/console.h> > > +#include <drivers/delay_timer.h> > > #include <plat/common/platform.h> > > > > #include "psci_private.h" > > > > +#ifndef PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS #define > > +PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS 1000 #endif > > + > > +#if IMAGE_BL31 > > +void psci_stop_other_cores(void) > > +{ > > +#define PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS 1000 #endif > > + > > +#if IMAGE_BL31 > > +void psci_stop_other_cores(void) > > +{ > > + int idx, this_cpu_idx, cnt; > > + > > + this_cpu_idx = plat_my_core_pos(); > > + > > + /* Raise G0 IPI cpustop to all cores but self */ > > + for (idx = 0; idx < psci_plat_core_count; idx++) { > > + if ((idx != this_cpu_idx) && > > + (psci_get_aff_info_state_by_idx(idx) == > > AFF_STATE_ON)) { > > + > > plat_ipi_send_cpu_stop(psci_cpu_pd_nodes[idx].mpidr); > > + } > > + } > > + > > + /* Wait for others cores to shutdown */ > > + for (cnt = 0; cnt < PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS; cnt++) > { > > + if (psci_is_last_on_cpu()) > > + break; > > + mdelay(1); > > + } > > + > > + if (!psci_is_last_on_cpu()) { > > + WARN("Failed to stop all cores!\n"); > > + psci_print_power_domain_map(); > > + } > > +} > > +#endif > > + > > > > (1) > > RFC: ipi: add ipi feature > > Ref: https://review.trustedfirmware.org/c/TF-A/trusted-firmware- > a/+/5323/1 > > > > Thanks > > Sandeep > > -- > > TF-A mailing list > > TF-A(a)lists.trustedfirmware.org > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a

5 years, 2 months

2
1
0 0

Re: [TF-A] [RFC] psci: api to power down all cores

by Soby Mathew

Hi Sandeep, Just to understand better, if there is a secure side panic/watchdog interrupt, then the secure side is already able to do such an intervention without the availability of a PSCI API to the NS side. In case the NS world has crashed, then PSCI_SYSTEM_RESET and PSCI_SYSTEM_OFF APIs can be invoked which then does the appropriate actions. From my reading, the PSCI specification doesn't prevent firmware implementation of the reset and off API's from doing the kind of implementation as per your proposal. Best Regards Soby Mathew > -----Original Message----- > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Sandeep > Tripathy via TF-A > Sent: 19 August 2020 16:42 > To: tf-a(a)lists.trustedfirmware.org > Subject: [TF-A] [RFC] psci: api to power down all cores > > Hi, > I am proposing to have a generic api in psci lib which can be used to force > power down all other cores from any initiating core analogous to > 'smp_cpu_stop' in linux. It is immune to interrupt lock by EL1/EL2 software. > > Platforms may use this api in case of secure side panic, secure watchdog > interrupt handling or if required in certain types of warm resets. The usage is > platform dependent. > > This depends on a generic implementation of secure IPI (1) which uses EHF to > handle IPI at platform defined priority. We probably require more types of > secure IPIs. > > Please review the series > Ref: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5324 > > diff --git a/lib/psci/psci_system_off.c b/lib/psci/psci_system_off.c index > 141d69e..011aaa6 100644 > --- a/lib/psci/psci_system_off.c > +++ b/lib/psci/psci_system_off.c > @@ -10,10 +10,44 @@ > #include <arch_helpers.h> > #include <common/debug.h> > #include <drivers/console.h> > +#include <drivers/delay_timer.h> > #include <plat/common/platform.h> > > #include "psci_private.h" > > +#ifndef PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS #define > +PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS 1000 #endif > + > +#if IMAGE_BL31 > +void psci_stop_other_cores(void) > +{ > +#define PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS 1000 #endif > + > +#if IMAGE_BL31 > +void psci_stop_other_cores(void) > +{ > + int idx, this_cpu_idx, cnt; > + > + this_cpu_idx = plat_my_core_pos(); > + > + /* Raise G0 IPI cpustop to all cores but self */ > + for (idx = 0; idx < psci_plat_core_count; idx++) { > + if ((idx != this_cpu_idx) && > + (psci_get_aff_info_state_by_idx(idx) == AFF_STATE_ON)) { > + plat_ipi_send_cpu_stop(psci_cpu_pd_nodes[idx].mpidr); > + } > + } > + > + /* Wait for others cores to shutdown */ > + for (cnt = 0; cnt < PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS; cnt++) { > + if (psci_is_last_on_cpu()) > + break; > + mdelay(1); > + } > + > + if (!psci_is_last_on_cpu()) { > + WARN("Failed to stop all cores!\n"); > + psci_print_power_domain_map(); > + } > +} > +#endif > + > > (1) > RFC: ipi: add ipi feature > Ref: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5323/1 > > Thanks > Sandeep > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a

5 years, 2 months

1
0
0 0

[RFC] psci: api to power down all cores

by Sandeep Tripathy

Hi, I am proposing to have a generic api in psci lib which can be used to force power down all other cores from any initiating core analogous to 'smp_cpu_stop' in linux. It is immune to interrupt lock by EL1/EL2 software. Platforms may use this api in case of secure side panic, secure watchdog interrupt handling or if required in certain types of warm resets. The usage is platform dependent. This depends on a generic implementation of secure IPI (1) which uses EHF to handle IPI at platform defined priority. We probably require more types of secure IPIs. Please review the series Ref: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5324 diff --git a/lib/psci/psci_system_off.c b/lib/psci/psci_system_off.c index 141d69e..011aaa6 100644 --- a/lib/psci/psci_system_off.c +++ b/lib/psci/psci_system_off.c @@ -10,10 +10,44 @@ #include <arch_helpers.h> #include <common/debug.h> #include <drivers/console.h> +#include <drivers/delay_timer.h> #include <plat/common/platform.h> #include "psci_private.h" +#ifndef PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS +#define PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS 1000 +#endif + +#if IMAGE_BL31 +void psci_stop_other_cores(void) +{ +#define PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS 1000 +#endif + +#if IMAGE_BL31 +void psci_stop_other_cores(void) +{ + int idx, this_cpu_idx, cnt; + + this_cpu_idx = plat_my_core_pos(); + + /* Raise G0 IPI cpustop to all cores but self */ + for (idx = 0; idx < psci_plat_core_count; idx++) { + if ((idx != this_cpu_idx) && + (psci_get_aff_info_state_by_idx(idx) == AFF_STATE_ON)) { + plat_ipi_send_cpu_stop(psci_cpu_pd_nodes[idx].mpidr); + } + } + + /* Wait for others cores to shutdown */ + for (cnt = 0; cnt < PLAT_CORES_PWRDWN_WAIT_TIMEOUT_MS; cnt++) { + if (psci_is_last_on_cpu()) + break; + mdelay(1); + } + + if (!psci_is_last_on_cpu()) { + WARN("Failed to stop all cores!\n"); + psci_print_power_domain_map(); + } +} +#endif + (1) RFC: ipi: add ipi feature Ref: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5323/1 Thanks Sandeep

5 years, 2 months

1
0
0 0

Re: [TF-A] [Hafnium] Fw: Automate generation of Partition's specific configuration

by Joao Alves

Hi Raghu, Thank you very much for your feedback! It seems like a good idea to automate it and the approach looks fine to me. Is my understanding correct that the generated *dtsi* files will need to be included in the *dts* files once and the hope is if there is a change, the dts files need not change since the dtsi files will be regenerated every time during build? Yes, your understanding is correct. The other way this could be done is that the tool can generate dts files which have nodes that change at build time, which can then be compiled and added as dtb files, added to the FIP. That way fvp_tb_fw_config.dts and fvp_spmc_manifest.dts will remain the same and not have any dependency on a changing dtsi file. I’d prefer that dts files that change frequently like in this case be autogenerated entirely and as separate files. That _seems_ cleaner but may not work out so in practice. I agree with you that the approach you described above would make the whole process a bit cleaner. One way this could be done is by passing the *.pre.dts files (generated after the initial processing from dtc) to the script that are part of the patch. Last time I worked on this, I added the possibility to generate the nodes structure to an already existing dts file. Thus, expanding the previous configuration with the values of the new nodes. However, this work needs further testing. Alternatively, the python package I am using in the script can parse and generate dtb instead of dts. I was thinking to add the option to the dts_gen.py script (maybe rename it as well) to operate over the dtb format. So, making sure that "in-place" changes are working , and adding the option to operate over dtb files should allow for the cleaner approach that you referred. As is and making the referred changes, most of the script's logic should be preserved, so I don't think there will be a lot of changes to the current implementation, which is good. Please let me know if I was not very clear, or if you have any other comments. Also thanks @Gyorgy Szing<mailto:Gyorgy.Szing@arm.com> for the feedback on the current state of the patch, I appreciate it. Let me know if anyone has questions, or any other comments to the scripts and/or current discussion. I will notify once the work progresses. Best regards, João Alves ________________________________ From: Hafnium <hafnium-bounces(a)lists.trustedfirmware.org> on behalf of Raghu Krishnamurthy via Hafnium <hafnium(a)lists.trustedfirmware.org> Sent: Friday, August 7, 2020 5:54 PM To: tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>; hafnium(a)lists.trustedfirmware.org <hafnium(a)lists.trustedfirmware.org> Subject: Re: [Hafnium] [TF-A] Fw: Automate generation of Partition's specific configuration Hi, It seems like a good idea to automate it and the approach looks fine to me. Is my understanding correct that the generated *dtsi* files will need to be included in the *dts* files once and the hope is if there is a change, the dts files need not change since the dtsi files will be regenerated every time during build? The other way this could be done is that the tool can generate dts files which have nodes that change at build time, which can then be compiled and added as dtb files, added to the FIP. That way fvp_tb_fw_config.dts and fvp_spmc_manifest.dts will remain the same and not have any dependency on a changing dtsi file. I’d prefer that dts files that change frequently like in this case be autogenerated entirely and as separate files. That _seems_ cleaner but may not work out so in practice. Thanks Raghu From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Joao Alves via TF-A Sent: Monday, August 3, 2020 10:08 AM To: tf-a(a)lists.trustedfirmware.org Subject: [TF-A] Fw: Automate generation of Partition's specific configuration Hi all, Forwarding email below as the referred work may be useful/relevant for other parts of the TF-A project as well. Best regards, João Alves _____ From: Hafnium <hafnium-bounces(a)lists.trustedfirmware.org <mailto:hafnium-bounces@lists.trustedfirmware.org> > on behalf of Joao Alves via Hafnium <hafnium(a)lists.trustedfirmware.org <mailto:hafnium@lists.trustedfirmware.org> > Sent: Monday, August 3, 2020 5:59 PM To: hafnium(a)lists.trustedfirmware.org <mailto:hafnium@lists.trustedfirmware.org> <hafnium(a)lists.trustedfirmware.org <mailto:hafnium@lists.trustedfirmware.org> > Subject: [Hafnium] Automate generation of Partition's specific configuration Hello all, I have been trying to ease the process of adding a Secure Partition to a system using Secure Hafnium. There is no way to automatically generate SP's specific configuration into TF-A's code-base. Considering FVP as the target platform, we need to manually add partition's specific configuration to files "fvp_tb_fw_config.dts" and "fvp_spmc_manifest.dts" (files held in FVP platform specific folder of TF-A codebase). The following snippet shows the hypervisor node from "fvp_spmc_manifest.dts", for the simple case of having in the system two Cactus Secure Partitions: hypervisor { compatible = "hafnium,hafnium"; vm1 { is_ffa_partition; debug_name = "cactus-primary"; load_address = <0x7000000>; }; vm2 { is_ffa_partition; debug_name = "cactus-secondary"; load_address = <0x7100000>; vcpu_count = <2>; mem_size = <1048576>; }; }; Some of the above properties are available in the partition's manifest, for example "debug_name" and "load_address". If changing one of these values in the partition's manifest or adding another SP, we also need to update the referred files. In order to avoid the burden of having to manually update partition's specific configuration and to make whole system more scalable, I started to write a script that is able to generate a specific node structure and fetch any property value from a any dts file. Then, applied it to fetch/generate SPs specific configuration and include it in aforementioned configuration files. Although it is still a Work In Progress, the work can be found in the patch: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5150. The implementation is divided between two scripts: * "dts_gen.py" - This is a generic solution for the problem. It can fetch/generate/alter any configuration using dts files. * "sp_dts_gen.py" - Uses the previous command to solve the specific problem regarding SPs specific configuration. Although is still Work In Progress, I am looking to obtain feedback/reviews from anyone that could be interested in using this implementation. The above files contain a lot of comments on how to use them, and also describing the implementation. If the obtained feedback is good, I can work on integrating this in TF-A's build-system. Let me know if anyone has questions. Best regards, João Alves -- Hafnium mailing list Hafnium(a)lists.trustedfirmware.org <mailto:Hafnium@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/hafnium -- Hafnium mailing list Hafnium(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/hafnium

5 years, 2 months

1
0
0 0

Cancelled event with note: TF-A Tech Forum @ Thu 13 Aug 2020 16:00 - 17:00 (BST) (tf-a@lists.trustedfirmware.org)

by Bill Fletcher

This event has been cancelled with this note: " Next TF-A Tech Forum is now scheduled for 26th August" Title: TF-A Tech Forum We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   When: Thu 13 Aug 2020 16:00 – 17:00 United Kingdom Time Calendar: tf-a(a)lists.trustedfirmware.org Who: * Bill Fletcher- creator * marek.bykowski(a)gmail.com * okash.khawaja(a)gmail.com * tf-a(a)lists.trustedfirmware.org Invitation from Google Calendar: https://www.google.com/calendar/ You are receiving this courtesy email at the account tf-a(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively, you can sign up for a Google Account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organiser and be added to the guest list, invite others regardless of their own invitation status or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

5 years, 2 months

1
0
0 0

TF-A Tech Forum CANCELLED @ Thr 13th August 2020 16:00-1700 BST

by Joanna Farley

Apologies everyone, I need to cancel this week’s TF-A Tech Forum as presenters for our next subjects are all on vacation or have yet to complete preparation of the necessary material. As a reminder we have a scheduling page https://developer.trustedfirmware.org/w/tf_a/tf-a-tech-forum-scheduling/ If anybody has subjects they are willing to present please reach out to me so we can find you an appropriate slot. Next TF-A Tech Forum is now scheduled for 26th August. Thanks Joanna

5 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A