| Age | Commit message (Collapse) | Author |
|---|
|
This code can be used for tc0, tc1 and tc2 testing so change from
tc0 naming to tc.
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: Ied011db0cd688936d6ba20e48c5206de4891e732
|
|
|
|
The tests of setup and discovery interfaces
took too much space. Made more summarized
and clean.
Tests still show relevant information in case of
failure.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I32901c257ed42bc684eb5a9432b862ad8d824255
|
|
FF-A specification requires that partitions that specify an
optional boot order value must use a unique value.
Fix cactus and ivy partition manifests to meet this requirement
and establish convention that cactus partitions will boot in order,
starting with primary partition, and ivy partition will boot after
all cactus partitions.
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: Id81b0709d3cab0c078b571b1227a0e91678611db
|
|
This reverts commit 353a6cebde2586a866142f7dfbc6b8df644d03cd.
Reverting due to failure in Arm internal RMM CI which stops tagging of
rc0 for v2.9 release, Once the proper fix is found it will be taken
back either in next tag or after v2.9 release.
Failure log:
SMC_RMM_VERSION > 380000
RMM version is: 56.0
> Executing 'Realm payload multi CPU request'
SMC_RMM_VERSION > 380000
INFO: Booting
SMC_RMM_VERSION > 380000
INFO: Powering off
INFO: Booting
SMC_RMM_VERSION > 380000
INFO: Powering off
INFO: Booting
SMC_RMM_VERSION > 380000
INFO: Powering off
INFO: Booting
SMC_RMM_VERSION > 380000
INFO: Powering off
SMC_RMM_VERSION > 380000
INFO: Powering off
INFO: Booting
SMC_RMM_VERSION > 380000
INFO: Powering off
ERROR: Error: fffffffa
PANIC in file: spm/cactus/cactus_main.c line: 108
Change-Id: Id5179deb5324c1bd2fac41c7a030bf7e09a1c222
|
|
This patch modifies existing secure interrupt tests to test interrupt
routing to particular cores/mpidr. Hafnium added a new field
"interrupts-target" to enable targeting interrupts to cores that are NOT
the boot core. This change modifies the cactus manifest to target the
secure watchdog timer (existing secure interrupt on fvp) to a particular
mpidr. To test interrupt handling, it converts the existing tests that
use the secure watchdog timer to test interrupt handling, to multi
core tests, such that the same test runs on the appropriate mpidr as
opposed to the boot core. Since the interrupt may be targeted to a
secondary PE, the corresponding secondary vcpus of cactus need a round
of ffa_run to function, which has also been added.
The mpidr to target to is platform specific and is defined as a platform
specific macro.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I27f48cde68945e59fb2ce84625ca145048eaffd1
|
|
* changes:
test(tftf): test FPU state registers context is preserved in RL/SE/NS
refactor(tftf): move SIMD/FPU save/restore routine to common lib
|
|
- Move FPU routines to common lib
- FPU/SIMD state consist of the 32 SIMD vectors, FPCR and FPSR registers
- Test that FPU/SIMD state are preserved during a context switch
between secure/non-secure.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I88f0a9f716aafdd634c4eae5b885f839bb3deb00
|
|
With the introduction of ffa_console_log abi, implementation-
defined debug logging is deprecated. Remove support for
SPM_DEBUG_LOG and use FFA_CONSOLE_LOG instead.
Also remove test for FFA_CONSOLE_LOG as it is now used as default
logger. Removing it cleans up test prints.
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: Ibe02e14105aaa1658153ba35a5fc8e852ae3f955
|
|
* changes:
chore: reorder logs in the memory sharing tests
fix: attributes for ns memory region
|
|
This patch provides support for registering and unregistering
handler that is invoked by Cactus SP while processing virtual
irq interrupt. For this, we simply repurpose the existing framework
that was used to perform tail end of interrupt handling.
Also, this patch increases the count of virtual interrupts supported
by Cactus SP inline with the corresponding change in Hafnium[1].
[1] https://review.trustedfirmware.org/c/hafnium/hafnium/+/19232
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: Ife41f0d3bb7eebb7c78657abb5b4c5ad41202bb9
|
|
Cactus SP was using the wrong attribute value to use a memory region as
non-secure.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ide881e4b99c792e0c7486aad5d8e5d8001505ca1
|
|
Updates tests to pass when built against
https://review.trustedfirmware.org/c/hafnium/hafnium/+/18909
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Change-Id: Ic6c39ca6916b9f9298d7668021963fec287b72c8
|
|
In [1] Hafnium mandates that every memory region allocated in the
manifest must be page aligned.
If the base address is not present, hafnium would allocate the
memory region. In the manifest structure, the value of the field
would be MANIFEST_INVALID_ADDRESS(all 0xfs), which would cause the
alignment validation to fail.
Hafnium allocation of memory region is dropped in [2].
The patch removes instances of such type of memory regions from
cactus partition manifest.
[1] https://review.trustedfirmware.org/c/hafnium/hafnium/+/17304
[2] https://review.trustedfirmware.org/c/hafnium/hafnium/+/19939
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I443e30b18531072cd108c58eb0762f3bffbaf65a
|
|
In the cactus entry point there is remnant call to the platform specific
physical MPIDR to linear id conversion routine. This is incorrect
because S-EL1 read of MPIDR is emulated by the SPMC and returns the vCPU
linear id rather than the physical MPIDR.
Add a check that the core linear id inferred by MPIDR is matching the id
passed by the SPMC through x4. This feature was added to support legacy
TEEs expecting the core linear id to be passed by TF-A.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I6902e8f06ab6c79953f6891e582fc8975825a6c4
|
|
FF-A Version 1.1 adds several additional flags to
the properties field of the partition information
descriptors. Test that execution state flag is set
when FF-A v1.1 is specified and zero when FF-A v1.0
descriptors are being used.
Currently only 64-bit execution state is supported for
FF-A compliant partitions.
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: Ice1b9a5a417e89cb26dd642be49348e8bfa282b9
|
|
Remove references to former SPCI/SPRT implementation pre-dating now
released FF-A specification.
Remove the sample quark partition image based on those deprecated
specifications.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I5b4e51457307c4ff5befd46132fd26d4ef21cdfa
|
|
Certain negative tests perform corner testing leading to error
messages being reported. These error messages are expected. It is
in the best interest of user to qualify them as VERBOSE to not
cause confusion.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I765cb1763c8641134d892c2f5f89861e2a9b5666
|
|
Please refer to detailed description in the comment preceding the
helper function introduced in cactus_interrupt.c file.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: Ie70d68514dac44211767d611db6d84991a8b48c6
|
|
TFTF can send a hint to the destination SP to expect that the
forwarded sleep command could be preempted by a non-secure interrupt.
This can make the tests exercising SP's response to non-secure
interrupt robust by allowing the destination SP to check if the
forward destination SP has indeed been preempted.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I808ee6c63687438d0092a53389f11bf9b3dd532d
|
|
An SP could be interrupted by a NS interrupt whilst handling a direct
message request from another SP. The target SP could send a managed
exit response, if supported.
Consequently, the sender of the direct message request resumes the
target SP by allocating CPU cycles using dummy direct message request.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I697aeb189da12850af9a1db4c3e3e550b5b36541
|
|
An SP could specify, through its partition manifest, that the
preferred signaling mechanism for it to handle managed exit is
vIRQ instead of the default choice (vFIQ).
Hence, separate the vIRQ and vFIQ handlers and add support for
identifying the source of the direct message request for the current
endpoint to send the managed exit response.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I06d6d81232de58779f81f40d4c6d2a96df0da27a
|
|
Added support for discovering managed exit interrupt ID in Cactus SP
using FFA_FEATURES ABI during partition initialization.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I0b6ea04fc18d6903d821e2f890e4e0a4ad5d568a
|
|
As per FF-A v1.1 EAC0 spec, SP must specify action in response to non
secure interrupt in its manifest.
Possible actions:
> NS Interrupt queued:= 0
> NS Interrupt signaled with ME:= 1
> NS Interrupt signaled:= 2
Moreover, the unsupported field "run-time-model" is removed from the
manifest of various secure partitions.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: Ic350173e43379cf2421565e0973c6ba7995aa70b
|
|
FF-A v1.1 EAC0 spec states that partition manager must return DENIED
as the error code when an illegal transition is attempted by a vCPU.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: Ibb86cc4e688c9f64d83a776dddb4434c741d268f
|
|
FF-A v1.1 EAC0 Figure 7.1 depicts an endpoint in Waiting state can
enter the runtime model for FFA_RUN through the ERET conduit.
This change adds this case to the cactus main loop.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I655ac0a7240bcfd25932e1a4cf51c331baceaf47
|
|
To prevent concurrency errors make it so generate_json.sh is
only called once during make. To do this supply a list of
present partitions to the script and generate the sp_layout
file using this.
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: If9987cf5cd88be4ca617ce304e37d95346fb481b
|
|
|
|
Some verbose message logs in TF-A-Tests needed to be
updated in accordance to [1].
In the referred patch a common structure was introduced
for ff-a calls. This patch fixes pending changes in
verbose log messages.
[1] https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/14733
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ib20919d1933f601ed36d9f1011c94193adf4847a
|
|
Add Cactus FF-A test to exercise FFA_CONSOLE_LOG ABI.
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: Icad3b546c8eddd80c7a9cc3843d39679e91c6c2a
|
|
The EAC0 v1.1 FF-A spec now requires that the UUID field in the
partition information descriptors is only populated when
FFA_PARTITION_INFO_GET is supplied with a null uuid (Table 13.37).
This patch updates the tests to check for this.
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: I241c6bed4fc5f63ec91a7b86725be5b2ee838601
|
|
|
|
Fix [1] by increasing cactus number of xlat tables.
This permits running the SP SP mem sharing of a buffer located at a
high physical PA region.
Test config [2] provides the model parameters to configurare the PE,
interconnect and SMMU to handle 48b physical address size.
[1] https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/13599
[2] https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/15445
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia290f15a6d30c898a5219d2bc1c3949b6ae7e7ef
|
|
Move cactus_test_ffa.c to a common directory for SPs so the
ivy partition can also run the same tests.
We also create a sp_platform_def.h file which contains various
plaform defines required for the tests. This header is defined
in both cactus and ivy directories and then fvp and tc0
subdirectories within those. The appropriate header for the sp
and platform being built is then included in the build scripts.
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: If65d099d43cd930ef730539b5ad1596e686f788a
|
|
Allow the ivy partition to use the ffa_helpers functions.
To achieve this we create a common struct for ff-a calls that is
used for both parameters and returns, this aligns with the Hafnium
implementation. We can then use preprocessor macros to pick either
SMC or SVC as the conduit depending on the exception level the SP
is running at.
Change-Id: Ic9525baabcf40d15545b6f6d504cf954373f08f9
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
|
|
Starting from [1], Cactus remains the sample S-EL1 partition.
Ivy remains the sample "S-EL0 partition" either using the shim at S-EL1
(as of today), or leveraging Hafnium VHE (reason for this change).
The same code base is re-used by adding the IVY_SHIM toggle. IVY_SHIM=1
is default using the shim, or 0 to use VHE (and strip the shim out).
Using svc helper from spm/common/aarch64/sp_arch_helpers.S
We must modify generate_json.sh so it only adds the partition
information to the layout file for the sp given in arg1. This allows
the ability for sp's to pass flags to the script such as IVY_SHIM which
is used to vary the dts file included for ivy.
Typical build command for a VHE-enabled Ivy partition:
make CROSS_COMPILE=aarch64-none-elf- PLAT=fvp DEBUG=1 TESTS=spm
ARM_ARCH_MINOR=5 BRANCH_PROTECTION=1 IVY_SHIM=0 ivy -j8
The intent is to create a dedicated tftf_config build config for the
VHE-enabled build in the CI.
[1] https://trustedfirmware-a-tests.readthedocs.io/en/latest/getting_started/build.html#cactus-and-ivy
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: I34125b375b043c61c44ede558802d8ae757bd51f
|
|
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I3359b2e6e73dd0ceb923c953a6b18badd871294b
|
|
Prepare secure partitions to receive boot information:
- In the partition's manifest, the GP register to receive the address in,
and the list of boot information.
- Implemented function to dump boot information.
- Update generation of SP Layout file to include offsets for image and
partition manifest.
- Change partition manifest offsets to match the information in the
SP layout.
Signed-off-by: J-Alves <joao.alves@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I87d2b135379d535ccaa1a3a0a822e964cca47185
|
|
A test sharing memory in the 48-bit address range is breaking TC0
build, define the same memory region for TC0 platform as well.
Currently the test is skipped since TC0 is configured with a 40bit PA
range.
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
Change-Id: I2ccc5757a63cd6473a33b1a396187bcb66fc5726
|
|
* changes:
test(interrupts): check if last service interrupt is Trusted Wdog timer
feat(interrupts): query last serviced interrupt
test(interrupts): use custom handler for interrupt
feat(interrupts): support for registering custom handler
refactor(interrupts): enhance secure interrupt handling test
|
|
Define a new shared memory region in 48-bit address range
(configured as NS in the TZC) in cactus-tertiary's manifest.
Since SPs can share either secure or non-secure memory, propagate the
security information in the relevant cactus commands:
CACTUS_REQ_MEM_SEND_CMD and CACTUS_MEM_SEND_CMD.
Change-Id: I10af24c96ff8fc0d13c80a52b0264a1482a5cf56
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
|
|
This patch introduces a helper API to request Cactus SP to return the
ID of the last serviced secure virtual interrupt. It is built on cactus
command framework by leveraging direct message request and response
pair.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I316268f4d9b80f29c308d1a1488945a272ffbc93
|
|
SP registers a custom handler that checks and updates a flag. Once
the watchdog interrupt triggers, the custom handler is invoked at
the tail end of interrupt handling. This helps the test to ensure
the virtual interrupt corresponding to the trusted watchdog timer
was correctly handled.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I7e388076165d097ec7f2bb493b83fe11d2bc0f34
|
|
This patch provides support for registering and unregistering
handler that is invoked by SP at the tail end of the virtual interrupt
processing.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: Ia12686361063bb680ff32b4f4bf90e0af2521c36
|
|
This test makes sure SPMC was able to handle back-to-back
secure interrupts targetting Cactus SP while the SP was in
RUNNING state.
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: If2e93017e2c21ad91fe527fb140f0fd5e0252370
|
|
Invalid_access test suite performs negative tests by accessing invalid
memory and catching it in custom exception handler.
This test suite was made part of standard tests which is called for all
platforms and each EL3 configuration. This test was failing for the
case when EL3 was build with "HANDLE_EA_EL3_FIRST = 1" causing
exceptions to be trapped in EL3 and not forwarded to EL2 to be handled
by custom exception handler.
To avoid this problem, remove this suite from standard test and
introduce a new test configuration.
This patch also fixes a minor compilation error in file
cactus_test_memory_sharing.c
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I8a13617a01411be45c623dde2ccfc7d950f05f9a
|
|
|
|
This change adds TFTF and cactus tests to check a realm region cannot
be accessed from secure world.
A non-secure buffer is delegated to realm PAS and shared to a secure
partition through FF-A memory sharing operations.
The SP retrieves the region from the SPM, maps it and attempts a write
access. The PE is expected to trigger a GPF data abort caught by a
custom exception handler.
Exception is trapped at S-EL1 within the secure partition because
Hafnium configures HCR_EL2.GPF=0 (and SCR_EL3.GPF=0).
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I8f855f394d0490b3584e60ceba4f3d2a20197495
|
|
Extend the test command CACTUS_MEM_SEND_CMD:
- To include the flags for the retriever to use in transaction
descriptor to the FFA_MEM_RETRIEVE_REQ.
- Number of words cactus should write to the shared page after
retrieving it.
- Check if memory has been cleared after mapping to cactus address space
if clear memory flag was propagated in the command arguments.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I825b0f766bd7132a3488cdd17d83fce85adf4a5a
|
|
The GP registers x0-x4 can be used to pass information from the SPMC
to the SP at cold boot.
They are also used for initialization operations before execution gets
to the main function.
This patch saves their state at the entry to a cold boot, and restores
them before jumping to cactus main.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I0c4efe8b35a50596813645b0e94df3cced73d855
|
