| Age | Commit message (Collapse) | Author |
|---|
|
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
* Added AArch32 specific SMC function.
* Added semihosting support.
* Added reporting of unhandled exceptions.
* Added uniprocessor stack support.
* Added `el3_entrypoint_common` macro that can be
shared by BL1 and BL32 (SP_MIN) BL stages. The
`el3_entrypoint_common` is similar to the AArch64
counterpart with the main difference in the assembly
instructions and the registers that are relevant to
AArch32 execution state.
* Enabled `LOAD_IMAGE_V2` flag in Makefile for
`ARCH=aarch32` and added check to make sure that
platform has not overridden to disable it.
Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
|
|
This patch adds capability to load BL images based on image
descriptors instead of hard coded way of loading BL images.
This framework is designed such that it can be readily adapted
by any BL stage that needs to load images.
In order to provide the above capability the following new
platform functions are introduced:
bl_load_info_t *plat_get_bl_image_load_info(void);
This function returns pointer to the list of images that the
platform has populated to load.
bl_params_t *plat_get_next_bl_params(void);
This function returns a pointer to the shared memory that the
platform has kept aside to pass trusted firmware related
information that next BL image needs.
void plat_flush_next_bl_params(void);
This function flushes to main memory all the params that
are passed to next image.
int bl2_plat_handle_post_image_load(unsigned int image_id)
This function can be used by the platforms to update/use
image information for given `image_id`.
`desc_image_load.c` contains utility functions which can be used
by the platforms to generate, load and executable, image list
based on the registered image descriptors.
This patch also adds new version of `load_image/load_auth_image`
functions in-order to achieve the above capability.
Following are the changes for the new version as compared to old:
- Refactor the signature and only keep image_id and image_info_t
arguments. Removed image_base argument as it is already passed
through image_info_t. Given that the BL image base addresses and
limit/size are already provided by the platforms, the meminfo_t
and entry_point_info arguments are not needed to provide/reserve
the extent of free memory for the given BL image.
- Added check for the image size against the defined max size.
This is needed because the image size could come from an
unauthenticated source (e.g. the FIP header).
To make this check, new member is added to the image_info_t
struct for identifying the image maximum size.
New flag `LOAD_IMAGE_V2` is added in the Makefile.
Default value is 0.
NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when
`LOAD_IMAGE_V2` is enabled.
Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
|
|
This patch resolves a build error in Trusted Firmware when `ARCH=aarch32`
and LOG_LEVEL >= 50.
Change-Id: I62a23ded4a25304533cdcc5ff11442aee041709b
|
|
Remove looping around `plat_report_exception`
|
|
This patch removes the tight loop that calls `plat_report_exception`
in unhandled exceptions in AArch64 state.
The new behaviour is to call the `plat_report_exception` only
once followed by call to `plat_panic_handler`.
This allows platforms to take platform-specific action when
there is an unhandled exception, instead of always spinning
in a tight loop.
Note: This is a subtle break in behaviour for platforms that
expect `plat_report_exception` to be continuously executed
when there is an unhandled exception.
Change-Id: Ie2453804b9b7caf9b010ee73e1a90eeb8384e4e8
|
|
Remove dcache invalidation after image authentication
|
|
At the end of successful image authentication in load_auth_image(),
the data cache for the virtual address range corresponding to the
image is invalidated (by a call to inv_dcache_range()). The intent
seems to be to ensure the data caches do not contain any sensitive
data used during authentication, which subsequent code can read.
However, this same address range is already flushed (cleaned and
invalidated by a call to flush_dcache_range()) at the end of
load_image(), and the subsequent invalidate has no functional
effect.
This patch removes the redundant call to inv_dcache_range(). It
also moves the flush_dcache_range() call from the end of load_image()
to the end of load_auth_image(), so the image data will remain in
the caches during authentication, improving performance.
This also improves the comments that explain the rationale for
calling flush_dcache_range() after image loading/authentication.
Change-Id: I14f17ad2935075ef6f3d1327361c5088bfb2d284
|
|
This patch adds an API in runtime service framework to
invoke the registered handler corresponding to the SMC function
identifier. This is helpful for AArch32 because the number of
arguments required by the handler is more than registers
available as per AArch32 program calling conventions and
requires the use of stack. Hence this new API will do the
necessary argument setup and invoke the appropriate
handler. Although this API is primarily intended for AArch32,
it can be used for AArch64 as well.
Change-Id: Iefa15947fe5a1df55b0859886e677446a0fd7241
|
|
The tf_printf library uses 64 bit division to print numbers
in appropriate formats but AArch32 mode cannot do 64 bit division
natively. Hence this patch adds additional number printing routines
to handle AArch32 mode in tf_printf library. The decimal format
printing capability is limited to 32 bit integers whereas 64 bits
are supported in hexadecimal format. The library assumes that
secure world is running in Little-Endian mode to do bit
manipulations on 64 bit. Suitable assertions are present to
enforce this assumption.
Change-Id: I55a21e448cef4915d1834d76e48a84ccf0bec36d
|
|
This patch adds various assembly helpers for AArch32 like :
* cache management : Functions to flush, invalidate and clean
cache by MVA. Also helpers to do cache operations by set-way
are also added.
* stack management: Macros to declare stack and get the current
stack corresponding to current CPU.
* Misc: Macros to access co processor registers in AArch32,
macros to define functions in assembly, assert macros, generic
`do_panic()` implementation and function to zero block of memory.
Change-Id: I7b78ca3f922c0eda39beb9786b7150e9193425be
|
|
Improve debug assertion for runtime svc number
|
|
This patch improves the debug assertion for runtime svc number
- Remove useless comparison ensuring that the number of descriptors
is a positive number. The variable is an unsigned integer so can't
be negative.
- Check that the end address of the descriptors is sane relative
to the start address.
Change-Id: Iea7be6b34e33b8b1cbd394eb923cc834ea964831
|
|
This patch adds some runtime checks to prevent some potential
pointer overflow issues in the is_mem_free() function. The overflow
could happen in the case where the end addresses, computed as the
sum of a base address and a size, results in a value large enough
to wrap around. This, in turn, could lead to unpredictable behaviour.
If such an overflow is detected, the is_mem_free() function will now
declare the memory region as not free. The overflow is detected using
a new macro, called check_uptr_overflow().
This patch also modifies all other places in the 'bl_common.c' file
where an end address was computed as the sum of a base address and a
size and instead keeps the two values separate. This avoids the need
to handle pointer overflows everywhere. The code doesn't actually need
to compute any end address before the is_mem_free() function is called
other than to print information message to the serial output.
This patch also introduces 2 slight changes to the reserve_mem()
function:
- It fixes the end addresses passed to choose_mem_pos(). It was
incorrectly passing (base + size) instead of (base + size - 1).
- When the requested allocation size is 0, the function now exits
straight away and says so using a warning message.
Previously, it used to actually reserve some memory. A zero-byte
allocation was not considered as a special case so the function
was using the same top/bottom allocation mechanism as for any
other allocation. As a result, the smallest area of memory starting
from the requested base address within the free region was
reserved.
Change-Id: I0e695f961e24e56ffe000718014e0496dc6e1ec6
|
|
- Added some debug assertions checking that the runtime services
indexes computed by get_unique_oen() are sane.
- Do not print the name of the service when its descriptor is
invalid. If the descriptor is corrupted then its name field
could be corrupted as well and we would end up reading an
arbitrary amount of invalid memory.
Change-Id: I16f61065277d01fe1555d5a9cf743f7b52ccaa60
|
|
Light refactoring of the code in runtime_svc.c file.
- Declare validate_rt_svc_desc()'s argument as const.
- Remove 'goto' path in runtime_svc_init(). It was used in one
place only.
- Improve code readability by declaring a local variable holding the
service pointer.
Change-Id: I3b15c5adb9f37b786b5b993a9be70ea9dd017a83
|
|
This patch moves the PSCI services and BL31 frameworks like context
management and per-cpu data into new library components `PSCI` and
`el3_runtime` respectively. This enables PSCI to be built independently from
BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
PSCI library sources and gets included by `bl31.mk`. Other changes which
are done as part of this patch are:
* The runtime services framework is now moved to the `common/` folder to
enable reuse.
* The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
specific folder.
* The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
to `plat/common` folder. The original file location now has a stub which
just includes the file from new location to maintain platform compatibility.
Most of the changes wouldn't affect platform builds as they just involve
changes to the generic bl1.mk and bl31.mk makefiles.
NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
|
|
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
|
|
Zynqmp updates
|
|
- Fix the function documentation.
Since commit 16948ae1, load_image() uses image IDs rather than image
names.
- Clarify the consequences of a null entry point argument.
- Slightly reorganize the code to remove an unnecessary 'if' statement.
Change-Id: Iebea3149a37f23d3b847a37a206ed23f7e8ec717
|
|
Build option to include AArch32 registers in cpu context
|
|
The system registers that are saved and restored in CPU context include
AArch32 systems registers like SPSR_ABT, SPSR_UND, SPSR_IRQ, SPSR_FIQ,
DACR32_EL2, IFSR32_EL2 and FPEXC32_EL2. Accessing these registers on an
AArch64-only (i.e. on hardware that does not implement AArch32, or at
least not at EL1 and higher ELs) platform leads to an exception. This patch
introduces the build option `CTX_INCLUDE_AARCH32_REGS` to specify whether to
include these AArch32 systems registers in the cpu context or not. By default
this build option is set to 1 to ensure compatibility. AArch64-only platforms
must set it to 0. A runtime check is added in BL1 and BL31 cold boot path to
verify this.
Fixes ARM-software/tf-issues#386
Change-Id: I720cdbd7ed7f7d8516635a2ec80d025f478b95ee
|
|
This patch introduces some assembler macros to simplify the
declaration of the exception vectors. It abstracts the section
the exception code is put into as well as the alignments
constraints mandated by the ARMv8 architecture. For all TF images,
the exception code has been updated to make use of these macros.
This patch also updates some invalid comments in the exception
vector code.
Change-Id: I35737b8f1c8c24b6da89b0a954c8152a4096fa95
|
|
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
|
|
The AArch32 long descriptor format and the AArch64 descriptor format
correspond to each other which allows possible sharing of xlat_tables
library code between AArch64 and AArch32. This patch refactors the
xlat_tables library code to seperate the common functionality from
architecture specific code. Prior to this patch, all of the xlat_tables
library code were in `lib/aarch64/xlat_tables.c` file. The refactored code
is now in `lib/xlat_tables/` directory. The AArch64 specific programming
for xlat_tables is in `lib/xlat_tables/aarch64/xlat_tables.c` and the rest
of the code common to AArch64 and AArch32 is in
`lib/xlat_tables/xlat_tables_common.c`. Also the data types used in
xlat_tables library APIs are reworked to make it compatible between AArch64
and AArch32.
The `lib/aarch64/xlat_tables.c` file now includes the new xlat_tables
library files to retain compatibility for existing platform ports.
The macros related to xlat_tables library are also moved from
`include/lib/aarch64/arch.h` to the header `include/lib/xlat_tables.h`.
NOTE: THE `lib/aarch64/xlat_tables.c` FILE IS DEPRECATED AND PLATFORM PORTS
ARE EXPECTED TO INCLUDE THE NEW XLAT_TABLES LIBRARY FILES IN THEIR MAKEFILES.
Change-Id: I3d17217d24aaf3a05a4685d642a31d4d56255a0f
|
|
This patch adds support to differentiate between `long` and `long long`
format specifiers in tf_printf(). In AArch64, they are the same which is
a 64-bit word. But, in AArch32 they are different and tf_printf() needs
to handle these format specifiers separately. This patch also fixes the
type of variables used to generic C types.
Change-Id: If3bbb0245cd0183acbe13bc1fe0d9743f417578f
|
|
Add support for %z in tf_print()
|
|
Asynchronous abort exceptions generated by the platform during cold boot are
not taken in EL3 unless SCR_EL3.EA is set.
Therefore EA bit is set along with RES1 bits in early BL1 and BL31 architecture
initialisation. Further write accesses to SCR_EL3 preserve these bits during
cold boot.
A build flag controls SCR_EL3.EA value to keep asynchronous abort exceptions
being trapped by EL3 after cold boot or not.
For further reference SError Interrupts are also known as asynchronous external
aborts.
On Cortex-A53 revisions below r0p2, asynchronous abort exceptions are taken in
EL3 whatever the SCR_EL3.EA value is.
Fixes arm-software/tf-issues#368
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
|
|
Add support for %z format specific in tf_printf() to support
printing data of type size_t
Fixes ARM-software/tf-issues#380
Signed-off-by Scott Branden <scott.branden@broadcom.com>
|
|
Added a new platform porting function plat_panic_handler, to allow
platforms to handle unexpected error situations. It must be
implemented in assembly as it may be called before the C environment
is initialized. A default implementation is provided, which simply
spins.
Corrected all dead loops in generic code to call this function
instead. This includes the dead loop that occurs at the end of the
call to panic().
All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have
been removed.
Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
|
|
This patch adds support for the `%p` format specifier in tf_printf()
following the example of the printf implementation of the stdlib used
in the trusted firmware.
Fixes ARM-software/tf-issues#292
Change-Id: I0b3230c783f735d3e039be25a9405f00023420da
|
|
Change-Id: I6f49bd779f2a4d577c6443dd160290656cdbc59b
|
|
This patch removes the dash character from the image name, to
follow the image terminology in the Trusted Firmware Wiki page:
https://github.com/ARM-software/arm-trusted-firmware/wiki
Changes apply to output messages, comments and documentation.
non-ARM platform files have been left unmodified.
Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
|
|
The upcoming Firmware Update feature needs transitioning across
Secure/Normal worlds to complete the FWU process and hence requires
context management code to perform this task.
Currently context management code is part of BL31 stage only.
This patch moves the code from (include)/bl31 to (include)/common.
Some function declarations/definitions and macros have also moved
to different files to help code sharing.
Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c
|
|
Remove deprecated IO return definitions
|
|
Patch 7e26fe1f deprecates IO specific return definitions in favour
of standard errno codes. This patch removes those definitions
and its usage from the IO framework, IO drivers and IO platform
layer. Following this patch, standard errno codes must be used
when checking the return value of an IO function.
Change-Id: Id6e0e9d0a7daf15a81ec598cf74de83d5768650f
|
|
This patch introduces a new function called 'print_entry_point_info'
that prints an entry_point_t structure for debugging purposes.
As such, it can be used to display the entry point address, SPSR and
arguments passed from a firmware image to the next one.
This function is now called in the following images transitions:
- BL1 to BL2
- BL1 to BL31
- BL31 to the next image (typically BL32 or BL33)
The following changes have been introduced:
- Fix the output format of the SPSR value : SPSR is a 32-bit value,
not a 64-bit one.
- Print all arguments values.
The entry_point_info_t structure allows to pass up to 8 arguments.
In most cases, only the first 2 arguments were printed.
print_entry_point_info() now prints all of them as 'VERBOSE'
traces.
Change-Id: Ieb384bffaa7849e6cb95a01a47c0b7fc2308653a
|
|
This patch replaces custom definitions used as return values for
the load_auth_image() function with standard error codes defined
in errno.h. The custom definitions have been removed.
It also replaces the usage of IO framework error custom definitions,
which have been deprecated. Standard errno definitions are used
instead.
Change-Id: I1228477346d3876151c05b470d9669c37fd231be
|
|
BL2 loads secure runtime code(BL3-1, BL3-2) and hence it has to
run in secure world otherwise BL3-1/BL3-2 have to execute from
non-secure memory. Hence, This patch removes the change_security_state()
call in bl1_run_bl2() and replaces it with an assert to confirm
the BL2 as secure.
Fixes ARM-software/tf-issues#314
Change-Id: I611b83f5c4090e58a76a2e950b0d797b46df3c29
|
|
BL3-2 image (Secure Payload) is optional. If the image cannot be
loaded a warning message is printed and the boot process continues.
According to the TBBR document, this behaviour should not apply in
case of an authentication error, where the boot process should be
aborted.
This patch modifies the load_auth_image() function to distinguish
between a load error and an authentication error. The caller uses
the return value to abort the boot process or continue.
In case of authentication error, the memory region used to store
the image is wiped clean.
Change-Id: I534391d526d514b2a85981c3dda00de67e0e7992
|
|
After updating the main authentication module to use the transport
and crypto modules and the CoT description, the PolarSSL
authentication module is no longer required. This patch deletes it.
Change-Id: I8ba1e13fc1cc7b2fa9df14ff59eb798f0460b878
|
|
This patch modifies the Trusted Board Boot implementation to use
the new authentication framework, making use of the authentication
module, the cryto module and the image parser module to
authenticate the images in the Chain of Trust.
A new function 'load_auth_image()' has been implemented. When TBB
is enabled, this function will call the authentication module to
authenticate parent images following the CoT up to the root of
trust to finally load and authenticate the requested image.
The platform is responsible for picking up the right makefiles to
build the corresponding cryptographic and image parser libraries.
ARM platforms use the mbedTLS based libraries.
The platform may also specify what key algorithm should be used
to sign the certificates. This is done by declaring the 'KEY_ALG'
variable in the platform makefile. FVP and Juno use ECDSA keys.
On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
each to accommodate the ECDSA code.
REMOVED BUILD OPTIONS:
* 'AUTH_MOD'
Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
|
|
The Trusted firmware code identifies BL images by name. The platform
port defines a name for each image e.g. the IO framework uses this
mechanism in the platform function plat_get_image_source(). For
a given image name, it returns the handle to the image file which
involves comparing images names. In addition, if the image is
packaged in a FIP, a name comparison is required to find the UUID
for the image. This method is not optimal.
This patch changes the interface between the generic and platform
code with regard to identifying images. The platform port must now
allocate a unique number (ID) for every image. The generic code will
use the image ID instead of the name to access its attributes.
As a result, the plat_get_image_source() function now takes an image
ID as an input parameter. The organisation of data structures within
the IO framework has been rationalised to use an image ID as an index
into an array which contains attributes of the image such as UUID and
name. This prevents the name comparisons.
A new type 'io_uuid_spec_t' has been introduced in the IO framework
to specify images identified by UUID (i.e. when the image is contained
in a FIP file). There is no longer need to maintain a look-up table
[iname_name --> uuid] in the io_fip driver code.
Because image names are no longer mandatory in the platform port, the
debug messages in the generic code will show the image identifier
instead of the file name. The platforms that support semihosting to
load images (i.e. FVP) must provide the file names as definitions
private to the platform.
The ARM platform ports and documentation have been updated accordingly.
All ARM platforms reuse the image IDs defined in the platform common
code. These IDs will be used to access other attributes of an image in
subsequent patches.
IMPORTANT: applying this patch breaks compatibility for platforms that
use TF BL1 or BL2 images or the image loading code. The platform port
must be updated to match the new interface.
Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
|
|
Using assert() to check the length of keys and hashes included in
a certificate is not a safe approach because assert() only applies
to debug builds. A malformed certificate could exploit security
flaws in release binaries due to buffer overflows.
This patch replaces assert() with runtime checkings in the PolarSSL
authentication module, so malformed certificates can not cause a
memory overflow.
Change-Id: I42ba912020595752c806cbd242fe3c74077d993b
|
|
The cert_create tool calculates the hash of each BL image and includes
it as an ASN.1 OCTET STRING in the corresponding certificate extension.
Without additional information, the firmware running on the platform
has to know in advance the algorithm used to generate the hash.
This patch modifies the cert_create tool so the certificate extensions
that include an image hash are generated according to the following
ASN.1 structure:
DigestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier,
digest OCTET STRING
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
The PolarSSL module has been updated to extract the image hash
from the certificate extension according to this structure.
Change-Id: I6d83430f12a8a0eea8447bec7c936e903f644c85
|
|
Commit dad2504 adds support for type checking in printf-like
functions. Some of the VERBOSE logging statements were not updated
at that time.
Fix the type mismatches in the verbose logging statements.
Change-Id: Idd9a49e41cc0dc31f7698e220819d934e3d2d10e
|
|
In order for the symbol table in the ELF file to contain the size of
functions written in assembly, it is necessary to report it to the
assembler using the .size directive.
To fulfil the above requirements, this patch introduces an 'endfunc'
macro which contains the .endfunc and .size directives. It also adds
a .func directive to the 'func' assembler macro.
The .func/.endfunc have been used so the assembler can fail if
endfunc is omitted.
Fixes ARM-Software/tf-issues#295
Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
Signed-off-by: Kévin Petit <kevin.petit@arm.com>
|
|
Commit ea4ec3aad5e1 ("TBB: use SHA256 to generate the certificate
signatures") updated the cert_create tool to generate the
signatures using SHA256 instead of SHA1. Therefore, SHA1 is no
longer required.
This patch removes the SHA1 option from the PolarSSL configuration
file. The source file sha1.c is no longer needed and has been
excluded from the build. The SHA1 functions are no longer included
in the binary, reducing the memory footprint of BL1 and BL2 by
approximately 6 KB.
Change-Id: I72ea2cff03c0964c3eaadce148ec2ad2c6dde2e3
|
|
All coding style violations have been fixed in a previous patch and
since then, each individual patch has been checked in this regard.
However, the latest version of the checkpatch.pl script from the Linux
kernel is more advanced and it is able to flag new errors in the
Trusted Firmware codebase. This patch fixes them.
Change-Id: I1f332f2440984be85d36b231bb83260368987077
|
|
This patch provides an API to access the authentication module that
will be used to verify the authenticity of the images loaded into
memory as part of the Trusted Board Boot process.
To include the authentication module as part of the build, set the
boolean build option TRUSTED_BOARD_BOOT. One single authentication
module must be registered at build time by setting the build option
AUTH_MOD=<mod_name>. All authentication modules will be located in
'common/auth/<mod_name>' and must present the <mod_name>.mk file that
will be included by the build system to compile the module sources.
To create an authentication module, an instance of auth_mod_t called
'auth_mod' must be declared in the module sources. The initialization
and verification functions provided by the module will be exported
through the function pointers specified when declaring this instance.
If an authentication module includes third party sources that do not
adhere to the C99 standard, the -pedantic option may be removed from
the build options by setting the flag DISABLE_PEDANTIC in the module
file <mod_name>.mk.
Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd
|
|
This patch implements an authentication module based on the
PolarSSL library (v1.3.9) to verify the Chain of Trust when
Trusted Boot is enabled.
PolarSSL sources must be fetched separately. The POLARSSL_DIR
build option may be used to indicate the path to the PolarSSL
main directory (this directory must contain the 'include' and
'library' subdirectories).
To be able to build PolarSSL sources as a part of the Trusted
Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk
will tell the build system to remove the -pedantic option from
the CFLAGS.
Inclusion of PolarSSL increases the memory requirements of the BL1
and BL2 images. The following are the changes made to the FVP and
Juno platforms to cater for this when TRUSTED_BOARD_BOOT is
defined:
Changes on FVP:
- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- BL2 memory region has been increased to 112 KB
Changes on Juno:
- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- Trusted ROM region in Flash has been increased to 128 KB.
- BL2 memory region has been increased to 116 KB
Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80
|
