Add a command-line option (-M or --no_mcheck) to disable mcheck heap
protection at runtime. When mcheck is disabled, the wrapper functions
pass through directly to the underlying allocator without adding
headers or checking for corruption.
This is useful for debugging when mcheck interferes with test results,
such as when memory-leak detection reports false positives due to
accumulated allocations from other tests.
Changes:
- Add disable_mcheck flag to sandbox_state
- Add mcheck_set_disabled() function to mcheck API
- Modify dlmalloc wrappers to bypass mcheck when disabled
- Add stub for when MCHECK_HEAP_PROTECTION is not enabled
- Document the new option in sandbox.rst
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
When running sandbox with lots of console output, the vidconsole slows
things down significantly since it renders truetype fonts to the
internal framebuffer. Add a -Q/--quiet_vidconsole command-line option
that removes vidconsole from stdout and stderr, using only the serial
console.
This can provide a ~300x speedup for output-heavy operations.
Co-developed-by: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a new section covering how to write expo tests, including test
structure, memory checking, creating test expos, testing rendering
and input, building from devicetree, and using IDs.
Also add a debugging section with sandbox command-line options useful
for expo development. Add a bit more detail for --video_frames
Co-developed-by: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add doc/develop/malloc.rst documenting U-Boot's dynamic memory
allocation implementation:
- Overview of pre/post-relocation malloc phases
- dlmalloc 2.8.6 version and features
- Data structure sizes (~500 bytes vs 1032 bytes in 2.6.6)
- Configuration options for code-size optimization
- Debugging features (mcheck, valgrind, malloc testing)
- API reference
Also add an introductory comment to dlmalloc.c summarising the
U-Boot configuration.
Series-to: concept
Series-cc: heinrich
Cover-letter:
malloc: Import dlmalloc 2.8.6
This series imports dlmalloc 2.8.6 from Doug Lea, replacing the old
version 2.6.6 that U-Boot has been using since 2002.
The new version provides:
- Better memory efficiency with improved binning algorithms
- More robust overflow checking via MAX_REQUEST
- Somewhat cleaner codebase
All U-Boot-specific modifications from the historical commits have been
ported to the new implementation, including:
- Pre-relocation malloc via malloc_simple
- Valgrind annotations
- Malloc testing infrastructure
- mcheck heap protection support
- Sandbox USE_DL_PREFIX support
The approach here is to leave the upstream code unchanged, so much as
possible, clearly marking U-Boot-specific changes with an #ifdef
Unfortunately the code size is not great out-of-the-box, so the final
part of the series includes some options to remove in-place realloc(),
provide a simplified init, remove the tree stucture for large blocks
and a few other things.
With these adjustments the new version is about 1K less code on Thumb2
(firefly-rk3288).
The new free() algorithm is more sophisticated but also larger. If
needed we might be able to shrink by a few hundred bytes. Of course SPL
doesn't normally use free() so the benefit might be minimal.
Another point worth mentioning is that the pre-inited av_[] array has
been replaced replaced with a BSS _sm_ struct which reduces the image
size by about 1.5K. One patch adjusts some imx8mp boards to deal with
the larger BSS.
Some code-size stats:
$ buildman -b mala imx8mp_venice firefly-rk3288 firefly-rk3399 -sS --step 0
Summary of 2 commits for 3 boards (3 threads, 11 jobs per thread)
01: backtrace: Strip the source tree prefix from filenames
aarch64: w+ imx8mp_venice firefly-rk3399
40: doc: Add malloc documentation
aarch64: (for 2/2 boards) all -3904.0 bss +864.0 data -2076.0
spl/u-boot-spl:all -654.0 spl/u-boot-spl:bss +316.0
spl/u-boot-spl:data -1034.0 spl/u-boot-spl:text +64.0 text -2692.0
arm: (for 1/1 boards) all -1436.0 data -1040.0 text -396.0
For the new malloc.h I have avoided including string.h so have added
that to various places that need it.
The existing common/dlmalloc.src file is left alone.
In order to bring this in without losing functionality, I went through
the patches applied to the original implementation over time. Where
these commits were added, they are added as a cherry-pick, with the
original commit hash.
Here is a list of what was done with each U-Boot commit on top of the
new common/dlmalloc.c and include/malloc.h:
1. 217c9dad82 2002-10-25 Initial revision
- Ignored
2. 5b1d713721 2002-11-03 Initial revision
- Ignored
3. 8bde7f776c 2003-06-27 * Code cleanup:
- Ignored as we don't really want to change the style
4. d87080b721 2006-03-31 GCC-4.x fixes: clean up global data pointer initialization for all boards.
- Global data is not needed at this point
5. 81673e9ae1 2008-05-13 Make sure common.h is the first include.
- common.h has been removed
6. f2302d4430 2008-08-06 Fix merge problems
- no merge problems to fix with the new code
7. 60a3f404ac 2009-06-13 malloc.h: protect it against multiple include
- Already covered: new malloc.h has MALLOC_280_H include guards
8. 5e93bd1c9a 2009-08-21 Consolidate arch-specific sbrk() implementations
- Already covered: sbrk() and mem_malloc_init() in separate commit
9. d4e8ada0f6 2009-08-21 Consolidate arch-specific mem_malloc_init() implementations
- Already covered: mem_malloc_init() in separate commit
10. 521af04d85 2009-09-21 Conditionally perform common relocation fixups
- Not needed: Manual relocation removed in 4babaa0c28
11. b4feeb4e8a 2009-11-24 i386: Fix malloc initialization
- Already covered: mem_malloc_init() is common, no arch-specific guards
12. 2740544881 2010-01-15 malloc: return NULL if not initialized yet
- Done: Add check in dlmalloc() to return NULL if not initialized
13. ae30b8c200 2010-04-06 malloc: sbrk() should return MORECORE_FAILURE instead of NULL on failure
- Already covered: sbrk() returns MFAIL on failure
14. ea882baf9c 2010-06-20 New implementation for internal handling of environment variables.
- Not needed: Just changes #if 0 to #ifdef DEBUG for old stats code
15. 1ba91ba233 2010-10-14 dlmalloc.c: Fix gcc alias warning
- Not needed: New dlmalloc has no strict-aliasing warnings
16. 2e5167ccad 2010-10-28 Replace CONFIG_RELOC_FIXUP_WORKS by CONFIG_NEEDS_MANUAL_RELOC
- Not needed: Manual relocation removed in 4babaa0c28
17. 6163f5b4c8 2010-11-15 malloc: Fix issue with calloc memory possibly being non-zero
- Already covered: sbrk() clears memory on negative increment
18. 21726a7afc 2011-06-29 Add assert() for debug assertions
- Not needed: New dlmalloc uses U-Boot's global assert()
19. ea95cb7331 2011-09-10 utx8245: fix build breakage due to assert()
- Not needed: New dlmalloc has different debug check functions
20. 213adf6dff 2012-03-29 Malloc: Fix -Wundef warnings
- Not needed: New malloc.h doesn't have these #if issues
21. 93691842e8 2012-09-04 Fix strict-aliasing warning in dlmalloc
- Not needed: New dlmalloc has no malloc_bin_reloc()
22. 00d0d2ad4e 2012-06-03 malloc: remove extern declarations of malloc_bin_reloc() in board.c files
- Not needed: New dlmalloc has no malloc_bin_reloc()
23. 199adb601f 2012-10-29 common/misc: sparse fixes
- Not needed: New dlmalloc uses proper NULL
24. 7b395232da 2013-01-21 malloc: make malloc_bin_reloc static
- Not needed: New dlmalloc has no malloc_bin_reloc()
25. 472d546054 2013-04-01 Consolidate bool type
- Not needed: Just a comment change (True -> true)
26. d93041a4ca 2014-07-10 Remove form-feeds from dlmalloc.c
- Not needed: New dlmalloc doesn't have form-feeds
27. d59476b644 2014-07-10 Add a simple malloc() implementation for pre-relocation
- Done (updated): Redirect to malloc_simple before GD_FLG_FULL_MALLOC_INIT
28. 6d7601e744 2014-07-10 sandbox: Always enable malloc debug
- Done (updated): Combined with #64, use 'DEBUG 1' for new dlmalloc
29. 854d2b9753 2014-10-29 dlmalloc: ensure gd is set for early alloc
- Not needed: Reverted by #38
30. 868de51dde 2014-08-26 malloc: Output region when debugging
- Already covered: debug() message in mem_malloc_init()
31. c9356be307 2014-11-10 dm: Split the simple malloc() implementation into its own file
- Already covered: Redirect to malloc_simple.c via GD_FLG_FULL_MALLOC_INIT
32. 0aa8a4ad99 2015-03-04 dlmalloc: do memset in malloc init as new default config
- Already covered: SYS_MALLOC_CLEAR_ON_INIT at line 6396
33. fb5cf7f16b 2015-02-27 Move initf_malloc() to a common place
- Already covered: initf_malloc() at line 6357
34. 1eb0c03c21 2015-09-13 malloc_simple: Add Kconfig option for using only malloc_simple in the SPL
- Not needed: Changes to Kconfig/malloc_simple.c, not dlmalloc.c
35. 4f144a4164 2016-01-25 malloc: work around some memalign fragmentation issues
- Done (updated): Ported to internal_memalign() at line 4955
36. ee05fedc6c 2016-02-04 malloc: solve dead code issue in memalign()
- Not needed: New dlmalloc 2.8.6 has rewritten internal_memalign()
37. 2f0bcd4de1 2016-03-05 malloc: use hidden visibility
- Done (updated): Use DLMALLOC_EXPORT at line 546
38. deff6fb3a7 2016-03-05 malloc: remove !gd handling
- Not needed: Reverts #29, we don't add gd check
39. 4eece2602b 2016-04-21 common/dlmalloc.c: Delete content that was moved to malloc.h
- Not needed: New dlmalloc doesn't have #if 0 code
40. 034eda867f 2016-04-25 malloc: improve memalign fragmentation fix
- Done (updated): Combined with #35 in memalign workaround port
41. 4e33316f65 2017-05-25 malloc: Turn on DEBUG when enabling unit tests
- Already covered: Combined with #28, #63 at line 555
42. f1896c45cb 2017-07-24 spl: make SPL and normal u-boot stage use independent SYS_MALLOC_F_LEN
- Already covered: Use CONFIG_IS_ENABLED and CONFIG_VAL at line 6410
43. a874cac3b4 2017-11-10 malloc: don't compare pointers to 0
- Not needed: New dlmalloc uses proper NULL comparisons
44. ee038c58d5 2018-05-18 malloc: Use malloc simple before malloc is fully initialized in memalign()
- Already covered: memalign_simple redirect at line 5367
45. 7cbd2d2e32 2018-11-18 malloc_simple: Add logging of allocations
- Not needed: Changes to malloc_simple.c, not dlmalloc.c
46. 4c6be01c27 2019-03-27 malloc: Fix memalign not honoring alignment prior to full malloc init
- Already covered: Uses memalign_simple at line 5367
47. bb71a2d9dc 2019-10-25 dlmalloc: calloc: fix zeroing early allocations
- Done (updated): Port to dlcalloc() at line 4857
48. cfda60f99a 2020-02-03 sandbox: Use a prefix for all allocation functions
- Done: USE_DL_PREFIX and reverse mappings in malloc.h
49. be621c11b9 2020-04-15 dlmalloc: remove unit test support in SPL
- Already covered: CONFIG_IS_ENABLED(UNIT_TEST) at line 554
50. 9297e366d6 2020-04-29 malloc: dlmalloc: add an ability for the malloc to be re-init/init multiple times
- Not needed: No boards use CONFIG_SYS_MALLOC_DEFAULT_TO_INIT
51. f7ae49fc4f 2020-05-10 common: Drop log.h from common header
- Already covered: Includes log.h at line 559
52. 401d1c4f5d 2020-10-30 common: Drop asm/global_data.h from common header
- Already covered: Includes asm/global_data.h at line 557
53. c6bf4f3898 2021-02-10 malloc: adjust memcpy() and memset() definitions.
- Not needed: New malloc.h doesn't declare memset/memcpy
54. c197f6e279 2021-03-15 malloc: Export malloc_simple_info()
- Not needed: Only changes malloc.h, not dlmalloc.c
55. 5ad9220bf7 2021-05-29 malloc: add SPDX license identifiers
- Not needed: New dlmalloc has MIT-0 license from upstream
56. bdaeea1b68 2022-03-23 malloc: Annotate allocator for valgrind
- Done (updated): Valgrind annotations in dlmalloc(), dlfree(), dlrealloc()
57. 62d638386c 2022-09-06 test: Support testing malloc() failures
- Done: malloc_testing/malloc_max_allocs in dlmalloc()
58. f88d48cc74 2023-02-27 dlmalloc: Fix a warning with clang-15
- Done: Add (void) to dlmalloc_stats() function definition
59. c9db9a2ef5 2023-08-25 dlmalloc: Add support for SPL_SYS_MALLOC_CLEAR_ON_INIT
- Already covered: Uses CONFIG_IS_ENABLED() in mem_malloc_init() from #32
60. 6a595c2f67 2023-09-06 common: malloc: Remove unused NEEDS_MANUAL_RELOC code bits
- Not needed: NEEDS_MANUAL_RELOC has been removed
61. ac897385bb 2023-10-02 Merge branch 'next'
- Not needed: Merge commit, no dlmalloc changes
62. 3d6d507514 2023-09-26 spl: Use SYS_MALLOC_F instead of SYS_MALLOC_F_LEN
- Already covered: Uses CONFIG_IS_ENABLED(SYS_MALLOC_F) throughout
63. 1786861415 2023-10-07 malloc: Enable assertions if UNIT_TEST is enabled
- Done (updated): Combined with #28, use 'DEBUG 1' for new dlmalloc
64. c82ff48115 2024-03-31 mcheck: prepare +1 tier for mcheck-wrappers, in dl-*alloc commands
- Done (updated): Added STATIC_IF_MCHECK and *_impl macros for dlmalloc 2.8.6
65. dfba071ddc 2024-03-31 mcheck: Use memset/memcpy instead of MALLOC_ZERO/MALLOC_COPY for mcheck.
- Done: Undef and redefine MALLOC_ZERO/MALLOC_COPY when mcheck enabled
66. 151493a875 2024-03-31 mcheck: integrate mcheck into dlmalloc.c
- Done: Added mcheck wrapper functions for dlmalloc, dlfree, dlrealloc, dlmemalign, dlcalloc
67. ae838768d7 2024-03-31 mcheck: support memalign
- Done: Implemented dlmemalign wrapper with mcheck hooks
68. 18c1bfafe0 2024-03-31 mcheck: add pedantic mode support
- Done: Added mcheck_pedantic_prehook() calls and mcheck_pedantic()/mcheck_check_all() API
69. a79fc7a79c 2024-04-27 common: Remove <common.h> and add needed includes
- Not needed: common.h has been removed
70. d678a59d2d 2024-05-18 Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet""
- Not needed: common.h has been removed
71. 03de305ec4 2024-05-20 Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"
- Not needed: common.h has been removed
72. 910cef3d2f 2024-07-13 common: Remove duplicate newlines
- Not needed: New dlmalloc has its own formatting from upstream
73. 6627fbba20 2024-07-23 include: Remove duplicate newlines
- Not needed: New malloc.h has its own formatting from upstream
74. 04894f5ad5 2024-07-30 malloc: Support testing with realloc()
- Done: Combined with #57, malloc_testing check in dlrealloc()
75. 8642b2178d 2024-08-02 dlmalloc: Fix integer overflow in request2size()
- Not needed: New dlmalloc 2.8.6 uses MAX_REQUEST for robust overflow checks
76. 0a10b49206 2024-08-02 dlmalloc: Fix integer overflow in sbrk()
- Already covered: sbrk() checks bounds before memset in U-Boot section
77. 9b9368b5c4 2024-08-02 dlmalloc: Make sure allocation size is within malloc area
- Not needed: New dlmalloc 2.8.6 uses MAX_REQUEST for robust overflow checks
78. 41fecdc94e 2024-10-21 common: Tidy up how malloc() is inited
- Already covered: mem_malloc_init() uses map_sysmem in U-Boot section
79. 22f87ef530 2025-08-17 malloc: Avoid defining calloc()
- Done: Added SYS_MALLOC_SIMPLE section to malloc.h with calloc redirect
END
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a new --video_frames option to sandbox which accepts a directory path.
When set, every video test assertion writes a BMP file (frame0.bmp,
frame1.bmp, etc.) to the specified directory, allowing visual inspection
of the framebuffer at each test step.
A new video_write_bmp() function writes 16/32bpp framebuffer contents as
Windows BMP files. On startup, any existing frame*.bmp files in the
directory are removed to ensure a clean state.
Usage example:
./u-boot --video_frames /tmp/frames -c "ut dm video_text"
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a new -V flag to sandbox which accepts a delay in milliseconds. This
causes video tests to pause after each assertion, allowing the display
output to be visually inspected.
This is useful for debugging video tests and understanding what is being
drawn at each step.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Some recent flags don't have documentation included. Before adding more
flags, fix these:
-A, --no_term_present: For pager testing
-k, --select_unittests: Select specific unit tests
-P, --pager_bypass: Enable pager-bypass mode
-W, --title: Set window title
Also fix the documentation for --double_lcd which uses -K not -k
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
The address chosen for testing this feature is 1MB which is part of the
sandbox RAM. When devices access this, e.g. with map_sysmem(), the
memory is mapped to a PCI device. Any changes then apply to that device
and are not written to memory. Reads also come from the device.
It is not safe to use RAM space in this way.
A symptom that something is wrong is the log message:
map_physmem: Warning: partial map at 100000, wanted 4, got 2000
Move the memory out of the way and document it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Fixes: 21ebbafde8 ("test: dm: Add a test for PCI Enhanced Allocation")
Normally it is possible to bind disk images using the 'host bind'
command. But when CONFIG_CMDLINE is not enabled, this is not possible.
Add a -B flag to provide equivalent functionality.
Signed-off-by: Simon Glass <sjg@chromium.org>
The FDT is near its limit and may overlap with the early-malloc region
if more things are added. Move it to a better location.
Series-to: u-boot
Signed-off-by: Simon Glass <sjg@chromium.org>
Series-links: 1:458276
Simon Glass <sjg@chromium.org> says:
This series includes the patches needed to make make the EFI 'boot' test
work. That test has now been split off into a separate series along with
the EFI patches.
This series fixes these problems:
- sandbox memory-mapping conflict with PCI
- the fix for that causes the mbr test to crash as it sets up pointers
instead of addresses for its 'mmc' commands
- the mmc and read commands which cast addresses to pointers
- a tricky bug to do with USB keyboard and stdio
- a few other minor things
Sandbox keeps a table of addresses which map to pointers which are
outside its emulated DRAM. The current range from 10000000 conflicts
with the PCI range, meaning that if PCI mapping is on, that particular
address can be decoded by PCI instead of the table.
Fix this by moving the range up to the top of memory. Update the docs
while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Remove both the ELDK and emdebian links as they are broken, and add a
link to the kernel.org toolchains which we use in CI.
Signed-off-by: Tom Rini <trini@konsulko.com>
The TCG event log buffer is being set at the end of ram memory. This
region of memory is to be reserved as LMB_NOMAP memory in the LMB
memory map. The current location of this buffer overlaps with the
memory region reserved for the U-Boot image, which is at the top of
the usable memory. This worked earlier as the LMB memory map was not
global but caller specific, but fails now because of the overlap.
Move the TCG event log buffer to the start of the ram memory region
instead. Move the location of the early trace buffer and the load
buffer for U-Boot(spl boot) accordingly.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add some brief documentation on using dump_pagetables() to print out
U-Boot's pagetables during boot.
Signed-off-by: Caleb Connolly <caleb.connolly@linaro.org>
Fix the devicetree used with sandbox. This is needed because the
default (full) devicetree must be used by all phases of boot, with
sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Title underlines should match the length of the title. Unfortunately
docutils only catches underlines that are too short.
Add some missing empty lines after titles.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Move this down by 4KB so that it is large enough to hold the devicetree.
Also fix up the devicetree address in the documetation while we are here.
Signed-off-by: Simon Glass <sjg@chromium.org>
Move this out of the main file since for simple users it is easier to
rely on standard boot.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Refresh the summary information so it is more up-to-date. Add links to
the coreboot and slimbootloader docs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
There is enough material that it makes sense to split this up into
several files. Create an x86/ directory for this purpose.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Provide armffa command showcasing the use of the U-Boot FF-A support
armffa is a command showcasing how to invoke FF-A operations.
This provides a guidance to the client developers on how to
call the FF-A bus interfaces. The command also allows to gather secure
partitions information and ping these partitions. The command is also
helpful in testing the communication with secure partitions.
For more details please refer to the command documentation [1].
A Sandbox test is provided for the armffa command.
[1]: doc/usage/cmd/armffa.rst
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Emulate Secure World's FF-A ABIs and allow testing U-Boot FF-A support
Features of the sandbox FF-A support:
- Introduce an FF-A emulator
- Introduce an FF-A device driver for FF-A comms with emulated Secure World
- Provides test methods allowing to read the status of the inspected ABIs
The sandbox FF-A emulator supports only 64-bit direct messaging.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add Arm FF-A support implementing Arm Firmware Framework for Armv8-A v1.0
The Firmware Framework for Arm A-profile processors (FF-A v1.0) [1]
describes interfaces (ABIs) that standardize communication
between the Secure World and Normal World leveraging TrustZone
technology.
This driver uses 64-bit registers as per SMCCCv1.2 spec and comes
on top of the SMCCC layer. The driver provides the FF-A ABIs needed for
querying the FF-A framework from the secure world.
The driver uses SMC32 calling convention which means using the first
32-bit data of the Xn registers.
All supported ABIs come with their 32-bit version except FFA_RXTX_MAP
which has 64-bit version supported.
Both 32-bit and 64-bit direct messaging are supported which allows both
32-bit and 64-bit clients to use the FF-A bus.
FF-A is a discoverable bus and similar to architecture features.
FF-A bus is discovered using ARM_SMCCC_FEATURES mechanism performed
by the PSCI driver.
Clients are able to probe then use the FF-A bus by calling the DM class
searching APIs (e.g: uclass_first_device).
The Secure World is considered as one entity to communicate with
using the FF-A bus. FF-A communication is handled by one device and
one instance (the bus). This FF-A driver takes care of all the
interactions between Normal world and Secure World.
The driver exports its operations to be used by upper layers.
Exported operations:
- ffa_partition_info_get
- ffa_sync_send_receive
- ffa_rxtx_unmap
Generic FF-A methods are implemented in the Uclass (arm-ffa-uclass.c).
Arm specific methods are implemented in the Arm driver (arm-ffa.c).
For more details please refer to the driver documentation [2].
[1]: https://developer.arm.com/documentation/den0077/latest/
[2]: doc/arch/arm64.ffa.rst
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
This reverts commit d927d1a808, reversing
changes made to c07ad9520c.
These changes do not pass CI currently.
Signed-off-by: Tom Rini <trini@konsulko.com>
Emulate Secure World's FF-A ABIs and allow testing U-Boot FF-A support
Features of the sandbox FF-A support:
- Introduce an FF-A emulator
- Introduce an FF-A device driver for FF-A comms with emulated Secure World
- Provides test methods allowing to read the status of the inspected ABIs
The sandbox FF-A emulator supports only 64-bit direct messaging.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide armffa command showcasing the use of the U-Boot FF-A support
armffa is a command showcasing how to invoke FF-A operations.
This provides a guidance to the client developers on how to
call the FF-A bus interfaces. The command also allows to gather secure
partitions information and ping these partitions. The command is also
helpful in testing the communication with secure partitions.
For more details please refer to the command documentation [1].
[1]: doc/usage/cmd/armffa.rst
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add Arm FF-A support implementing Arm Firmware Framework for Armv8-A v1.0
The Firmware Framework for Arm A-profile processors (FF-A v1.0) [1]
describes interfaces (ABIs) that standardize communication
between the Secure World and Normal World leveraging TrustZone
technology.
This driver uses 64-bit registers as per SMCCCv1.2 spec and comes
on top of the SMCCC layer. The driver provides the FF-A ABIs needed for
querying the FF-A framework from the secure world.
The driver uses SMC32 calling convention which means using the first
32-bit data of the Xn registers.
All supported ABIs come with their 32-bit version except FFA_RXTX_MAP
which has 64-bit version supported.
Both 32-bit and 64-bit direct messaging are supported which allows both
32-bit and 64-bit clients to use the FF-A bus.
FF-A is a discoverable bus and similar to architecture features.
FF-A bus is discovered using ARM_SMCCC_FEATURES mechanism performed
by the PSCI driver.
Clients are able to probe then use the FF-A bus by calling the DM class
searching APIs (e.g: uclass_first_device).
The Secure World is considered as one entity to communicate with
using the FF-A bus. FF-A communication is handled by one device and
one instance (the bus). This FF-A driver takes care of all the
interactions between Normal world and Secure World.
The driver exports its operations to be used by upper layers.
Exported operations:
- ffa_partition_info_get
- ffa_sync_send_receive
- ffa_rxtx_unmap
Generic FF-A methods are implemented in the Uclass (arm-ffa-uclass.c).
Arm specific methods are implemented in the Arm driver (arm-ffa.c).
For more details please refer to the driver documentation [2].
[1]: https://developer.arm.com/documentation/den0077/latest/
[2]: doc/arch/arm64.ffa.rst
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
The input provided to sgdisk is in fact aimed for sfdisk. The use of
sgdisk and sfdisk, coming from different projects, is not the same.
So, this commit translates the sfdisk-formatted input into
sgdisk-compatible options. Partitions are not modified.
Signed-off-by: Corentin Guillevic <corentin.guillevic@smile.fr>
This converts the following to Kconfig:
CONFIG_MONITOR_IS_IN_RAM
As part of this, reword some of the documentation slightly to reflect
that this is in Kconfig and not a define now.
Signed-off-by: Tom Rini <trini@konsulko.com>
Given that we can use Kconfig logic directly to see if we have a program
available on the host or not, change from passing NO_SDL to instead
controlling CONFIG_SANDBOX_SDL in Kconfig directly. Introduce
CONFIG_HOST_HAS_SDL as the way to test for sdl2-config and default
CONFIG_SANDBOX_SDL on if we have that, or not.
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS namespace do
not easily transition to Kconfig. In many cases they likely should come
from the device tree instead. Move these out of CONFIG namespace and in
to CFG namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The rest of the unmigrated CONFIG symbols in the CONFIG_SYS_SDRAM
namespace do not easily transition to Kconfig. In many cases they likely
should come from the device tree instead. Move these out of CONFIG
namespace and in to CFG namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The current name is inconsistent with SPL which uses CONFIG_SPL_TEXT_BASE
and this makes it imposible to use CONFIG_VAL().
Rename it to resolve this problem.
Signed-off-by: Simon Glass <sjg@chromium.org>
There are a large number of options under CONFIG_SYS (but some of these
are elsewhere, spotted while cleaning CONFIG_SYS) that are never
referenced, or only used slightly later in the config file. Remove or
restructure these.
Signed-off-by: Tom Rini <trini@konsulko.com>
