Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-24 05:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add v0.3 release documentation

Browse source 
Update the readme.md and change-log.md with release information.

Also, remove the "Detailed changes since last release" section of
the change-log.md since the same information can be found in the
GIT commit messages. Fixes .

Change-Id: I968cc8aaf588aa5c34ba8f1c12a5b797a46e04f5
This commit is contained in:
Dan Handley 2014-02-26 17:20:40 +00:00
parent 57de6d7274
commit b238849030
2 changed files with 172 additions and 119 deletions

227
docs/change-log.md
View file

@ -1,112 +1,158 @@
ARM Trusted Firmware
====================
ARM Trusted Firmware - version 0.3
==================================
Detailed changes since last release
-----------------------------------
New features
------------
* Support for Foundation FVP Version 2.0 added.
The documented UEFI configuration disables some devices that are unavailable
in the Foundation FVP, including MMC and CLCD. The resultant UEFI binary can
be used on the AEMv8 and Cortex-A57-A53 FVPs, as well as the Foundation FVP.
be used on the AEMv8 and Cortex-A57-A53 Base FVPs, as well as the Foundation
FVP.
NOTE: The software will not work on Version 1.0 of the Foundation FVP.
* Regression-checked against latest Base FVPs (Version 5.2).
* Enabled third party contributions. Added a new contributing.md containing
instructions for how to contribute and updated copyright text in all files
to acknowledge contributors.
* The supplied FDTs expose the Interrupt Translation Service (ITS) available
in GICv3.
* Fixed various GCC compiler warnings.
* Unmask SError and Debug exceptions in the trusted firmware.
Also route external abort and SError interrupts to EL3.
* The amount of physical RAM available to Linux as specified in the FDTs for
Base FVPs have been increased from 2GB to 4GB. This resolves the issue of
failing to start user-space when using a RAM-disk file-system.
* Build products are now created in a separate build directory tree.
* Analyze at link-time whether bootloader images will fit in memory and won't
overlap each other at run time. If it is not the case then image linking
will now fail.
* Reduce the size of the bootloader images by cutting some sections out of
their disk images and allocating them at load time, whenever possible.
* Properly initialise the C runtime environment. C code can now safely assume
that global variables are initialised to 0 and that initialised data holds
the correct value.
* General changes on the memory layout: some sections have been moved, some of
them have been merged together, and some alignment constraints on sections
have changed.
* Enable third party contributions. Add a new contributing.md containing
instructions for how to contribute and update copyright text in all files to
acknowledge contributors.
* The wake up enable bit in the FVP power controller is cleared when a cpu is
physically powered up to prevent a spurious wake up from a subsequent cpu
off state.
* Definitions of some constants related to the PSCI api calls AFFINITY_INFO
and CPU_SUSPEND have been corrected.
* A bug which triggered an error condition in the code executed after a cpu
is powered on, if a non zero context id parameter was passed in the PSCI
CPU_ON and CPU_SUSPEND api calls has been corrected.
* A restriction in the FVP code which did not allow the non-secure entrypoint
to lie outside the DRAM has been removed.
* The PSCI CPU_SUSPEND api has been stabilised to an extent where it can be
* The PSCI CPU_SUSPEND API has been stabilised to the extent where it can be
used for entry into power down states with the following restrictions:
- Entry into standby states is not supported.
- The api is only supported on the AEMv8 Base FVP.
- The API is only supported on the AEMv8 and Cortex-A57-A53 Base FVPs.
* The PSCI AFFINITY_INFO api has undergone limited testing on the AEMv8 Base
FVP to allow experimental use.
* Locks corresponding to each affinity level are acquired and released in
the correct sequence in the PSCI implementation. Invocation of the PSCI
CPU_SUSPEND and CPU_OFF apis simultaneously across cpus & clusters should
not result in unexpected behaviour.
* The API to return the memory layout structures for each bootloader stage has
undergone change. A pointer to these structures is returned instead of their
copy.
* The PSCI AFFINITY_INFO api has undergone limited testing on the Base FVPs to
allow experimental use.
* Required C library and runtime header files are now included locally in ARM
Trusted Firmware instead of depending on the toolchain standard include
paths. The local implementation has been cleaned up and reduced in scope.
Implementations for `putchar()` and `strchr()` were added to the local C
library.
* GCC compiler built-in function support has been disabled in order to improve
compiler independence.
* Added I/O abstraction framework, primarily to allow generic code to load
images in a platform-independent way. The existing image loading code has
been reworked to use the new framework. Semi-hosting and NOR flash I/O
drivers are provided.
* The references to GitHub issues in the documentation now to point to a
separate issue tracking repository
https://github.com/ARM-software/tf-issues.
* Introduced Firmware Image Package (FIP) handling code and tools. A FIP
combines multiple firmware images with a Table of Contents (ToC) into a
single binary image. The new FIP driver is another type of I/O driver. The
Makefile builds a FIP by default and the FVP platform code expect to load a
FIP from NOR flash, although some support for image loading using semi-
hosting is retained.
* Cleared bits in the architectural trap feature register (CPTR_EL3) during
early boot to prevent traps when accessing certain registers, including
floating point registers. Also added `-mgeneral-regs-only` flag to GCC
settings to prevent generation of code using floating point registers.
NOTE: Building a FIP by default is a non-backwards-compatible change.
* The GICv3 distributor can have more ports than CPUs are available in the
system. The GICv3 re-distributors are probed to work out which
re-distributor should be used with which CPU.
NOTE: Generic BL2 code now loads a BL3-3 (non-trusted firmware) image into
DRAM instead of expecting this to be pre-loaded at known location. This is
also a non-backwards-compatible change.
* Add multi-platform support to the build system. The user may now specify
which platform to build using PLAT=<platform> as part of the make command
line. Default behaviour is to make all platforms. New platforms are
automatically detected by the make file when they are added to the plat
directory.
NOTE: Some non-trusted firmware (e.g. UEFI) will need to be rebuilt so that
it knows the new location to execute from and no longer needs to copy
particular code modules to DRAM itself.
* An issue in the PSCI implementation has been fixed which could result in the
power down of an affinity instance at level X even though at least one
affinity instance at level X - 1 does not allow this.
* Reworked BL2 to BL3-1 handover interface. A new composite structure
(bl31_args) holds the superset of information that needs to be passed from
BL2 to BL3-1, including information on how handover execution control to
BL3-2 (if present) and BL3-3 (non-trusted firmware).
* Added library support for CPU context management, allowing the saving and
restoring of
- Shared system registers between Secure-EL1 and EL1.
- VFP registers.
- Essential EL3 system registers.
* Added a framework for implementing EL3 runtime services. Reworked the PSCI
implementation to be one such runtime service.
* Reworked the exception handling logic, making use of both SP_EL0 and SP_EL3
stack pointers for determining the type of exception, managing general
purpose and system register context on exception entry/exit, and handling
SMCs. SMCs are directed to the correct EL3 runtime service.
* Added support for a Test Secure-EL1 Payload (TSP) and a corresponding
Dispatcher (TSPD), which is loaded as an EL3 runtime service. The TSPD
implements Secure Monitor functionality such as world switching and
EL1 context management, and is responsible for communication with the TSP.
NOTE: The TSPD does not yet contain support for secure world interrupts.
NOTE: The TSP/TSPD is not built by default.
Issues resolved since last release
----------------------------------
* Support has been added for switching context between secure and normal
worlds in EL3.
* PSCI API calls `AFFINITY_INFO` & `PSCI_VERSION` have now been tested (to
a limited extent).
* The ARM Trusted Firmware build artifacts are now placed in the `./build`
directory and sub-directories instead of being placed in the root of the
project.
* The ARM Trusted Firmware is now free from build warnings. Build warnings
are now treated as errors.
* The ARM Trusted Firmware now provides C library support locally within the
project to maintain compatibility between toolchains/systems.
* The PSCI locking code has been reworked so it no longer takes locks in an
incorrect sequence.
* The RAM-disk method of loading a Linux file-system has been confirmed to
work with the ARM Trusted Firmware and Linux kernel version (based on
version 3.13) used in this release, for both Foundation and Base FVPs.
Known issues
------------
The following is a list of issues which are expected to be fixed in the future
releases of the ARM Trusted Firmware.
* The TrustZone Address Space Controller (TZC-400) is not being programmed
yet. Use of model parameter `-C bp.secure_memory=1` is not supported.
* No support yet for secure world interrupt handling.
* GICv3 support is experimental. The Linux kernel patches to support this are
not widely available. There are known issues with GICv3 initialization in
the ARM Trusted Firmware.
* Dynamic image loading is not available yet. The current image loader
implementation (used to load BL2 and all subsequent images) has some
limitations. Changing BL2 or BL3-1 load addresses in certain ways can lead
to loading errors, even if the images should theoretically fit in memory.
* The ARM Trusted Firmware uses too much on-chip Trusted SRAM. Currently the
Test Secure-EL1 Payload (BL3-2) executes in Trusted DRAM since there is not
enough SRAM. A number of RAM usage enhancements have been identified to
rectify this situation.
* CPU idle does not work on the advertised version of the Foundation FVP.
Some FVP fixes are required that are not available externally at the time
of writing.
* Various bugs in ARM Trusted Firmware, UEFI and the Linux kernel have been
observed when using Linaro toolchain versions later than 13.11. Although
most of these have been fixed, some remain at the time of writing. These
mainly seem to relate to a subtle change in the way the compiler converts
between 64-bit and 32-bit values (e.g. during casting operations), which
reveals previously hidden bugs in client code.
* The tested filesystem used for this release (Linaro AArch64 OpenEmbedded
14.01) does not report progress correctly in the console. It only seems to
produce error output, not standard output. It otherwise appears to function
correctly. Other filesystem versions on the same software stack do not
exhibit the problem.
* The Makefile structure doesn't make it easy to separate out parts of the
Trusted Firmware for re-use in platform ports, for example if only BL3-1 is
required in a platform port. Also, dependency checking in the Makefile is
flawed.
* The firmware design documentation for the Test Secure-EL1 Payload (TSP) and
its dispatcher (TSPD) is incomplete. Similarly for the PSCI section.
ARM Trusted Firmware - version 0.2
@ -177,11 +223,6 @@ releases of the ARM Trusted Firmware.
to the kernel.
Detailed changes since last release
-----------------------------------
First source release - not applicable.
- - - - - - - - - - - - - - - - - - - - - - - - - -
_Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved._

64
readme.md
View file

@ -1,8 +1,8 @@
ARM Trusted Firmware - version 0.2
ARM Trusted Firmware - version 0.3
==================================
ARM Trusted Firmware provides a reference implementation of secure world
software for [ARMv8-A], including Exception Level 3 (EL3) software. This first
software for [ARMv8-A], including Exception Level 3 (EL3) software. This
release focuses on support for ARM's [Fixed Virtual Platforms (FVPs)] [FVP].
The intent is to provide a reference implementation of various ARM interface
@ -11,9 +11,9 @@ Board Boot Requirements (TBBR) and [Secure Monitor] [TEE-SMC] code. As far as
possible the code is designed for reuse or porting to other ARMv8-A model and
hardware platforms.
This release is the first one as source code: an initial prototype
release was available in binary form in the [Linaro AArch64 OpenEmbedded
Engineering Build] [AArch64 LEB] to support the new FVP Base platform
This release builds on the previous source code release, which has been
available in source and binary form since the [Linaro AArch64 OpenEmbedded 13.11
Engineering Build] [AArch64 LEB]. These support the Base FVP platform
models from ARM.
ARM will continue development in collaboration with interested parties to
@ -32,14 +32,16 @@ source files.
This Release
------------
This software is an early implementation of the Trusted Firmware. Only
This release is an incomplete implementation of the Trusted Firmware. Only
limited functionality is provided at present and it has not been optimized or
subjected to extended robustness or stress testing.
### Functionality
* Initial implementation of a subset of the Trusted Board Boot Requirements
Platform Design Document (PDD).
Platform Design Document (PDD). This includes packaging the various firmware
images into a Firmware Image Package (FIP) to be loaded from non-volatile
storage.
* Initializes the secure world (for example, exception vectors, control
registers, GIC and interrupts for the platform), before transitioning into
@ -52,10 +54,16 @@ subjected to extended robustness or stress testing.
if available, otherwise EL1.
* Handles SMCs (Secure Monitor Calls) conforming to the [SMC Calling
Convention PDD] [SMCCC].
Convention PDD] [SMCCC] using an EL3 runtime services framework.
* Handles SMCs relating to the [Power State Coordination Interface PDD] [PSCI]
for the Secondary CPU Boot and CPU hotplug use-cases.
for the Secondary CPU Boot, CPU hotplug and CPU idle use-cases.
* A Test Secure-EL1 Payload and Dispatcher to demonstrate Secure Monitor
functionality such as world switching and EL1 context management. This
also demonstrates Secure-EL1 interaction with PSCI. Some of this
functionality is provided in library form for re-use by other Secure-EL1
Payload Dispatchers.
For a full list of updated functionality and implementation details, please
see the [User Guide]. The [Change Log] provides details of changes made
@ -66,26 +74,27 @@ since the last release.
This release of the Trusted Firmware has been tested on the following ARM
[FVP]s (64-bit versions only):
* `FVP_Base_AEMv8A-AEMv8A` (Version 5.1, Build 0.8.5108).
* `FVP_Base_Cortex-A57x4-A53x4` (Version 5.1, Build 0.8.5108).
* `FVP_Base_Cortex-A57x1-A53x1` (Version 5.1, Build 0.8.5108).
* `Foundation_v8` (Version 2.0, Build 0.8.5206)
* `FVP_Base_AEMv8A-AEMv8A` (Version 5.4, Build 0.8.5405)
* `FVP_Base_Cortex-A57x4-A53x4` (Version 5.4, Build 0.8.5405)
* `FVP_Base_Cortex-A57x1-A53x1` (Version 5.4, Build 0.8.5405)
These models can be licensed from ARM: see [www.arm.com/fvp] [FVP].
For an updated list of supported platforms, please see the [Change Log].
The Foundation FVP can be downloaded free of charge. The Base FVPs can be
licensed from ARM: see [www.arm.com/fvp] [FVP].
### Still to Come
* Complete implementation of the [PSCI] specification.
* Secure memory, Secure monitor, Test Secure OS & Secure interrupts.
* Secure memory, Secure interrupts and support for other types of Secure-EL1
Payloads.
* Booting the firmware from a block device.
* Booting the firmware from a Virtio block device.
* Completing the currently experimental GICv3 support.
For a full list of detailed issues in the current code, please see the [Change
Log].
Log] and the [GitHub issue tracker].
Getting Started
@ -97,6 +106,8 @@ Get the Trusted Firmware source code from
See the [User Guide] for instructions on how to install, build and use
the Trusted Firmware with the ARM [FVP]s.
See the [Firmware Design] for information on how the ARM Trusted Firmware works.
See the [Porting Guide] as well for information about how to use this
software on another ARMv8-A platform.
@ -107,8 +118,7 @@ project.
### Feedback and support
ARM welcomes any feedback on the Trusted Firmware. Please send feedback using
the [GitHub issue tracker](
https://github.com/ARM-software/tf-issues/issues).
the [GitHub issue tracker].
ARM licensees may contact ARM directly via their partner managers.
@ -123,11 +133,13 @@ _Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved._
[Acknowledgements]: ./acknowledgements.md "Contributor acknowledgements"
[Change Log]: ./docs/change-log.md
[User Guide]: ./docs/user-guide.md
[Firmware Design]: ./docs/firmware-design.md
[Porting Guide]: ./docs/porting-guide.md
[ARMv8-A]: http://www.arm.com/products/processors/armv8-architecture.php "ARMv8-A Architecture"
[FVP]: http://www.arm.com/fvp "ARM's Fixed Virtual Platforms"
[PSCI]: http://infocenter.arm.com/help/topic/com.arm.doc.den0022b/index.html "Power State Coordination Interface PDD (ARM DEN 0022B.b)"
[SMCCC]: http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html "SMC Calling Convention PDD (ARM DEN 0028A)"
[TEE-SMC]: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php "Secure Monitor and TEEs"
[AArch64 LEB]: http://releases.linaro.org/13.09/openembedded/aarch64 "Linaro AArch64 OpenEmbedded ARM Fast Model 13.09 Release"
[ARMv8-A]: http://www.arm.com/products/processors/armv8-architecture.php "ARMv8-A Architecture"
[FVP]: http://www.arm.com/fvp "ARM's Fixed Virtual Platforms"
[PSCI]: http://infocenter.arm.com/help/topic/com.arm.doc.den0022b/index.html "Power State Coordination Interface PDD (ARM DEN 0022B.b)"
[SMCCC]: http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html "SMC Calling Convention PDD (ARM DEN 0028A)"
[TEE-SMC]: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php "Secure Monitor and TEEs"
[AArch64 LEB]: http://releases.linaro.org/13.11/openembedded/aarch64 "Linaro AArch64 OpenEmbedded ARM Fast Model 13.11 Release"
[GitHub issue tracker]: https://github.com/ARM-software/tf-issues/issues