1 ARM Trusted Firmware - version 1.1 2 ================================== 3 4 New features 5 ------------ 6 7 * A prototype implementation of Trusted Board Boot has been added. Boot 8 loader images are verified by BL1 and BL2 during the cold boot path. BL1 and 9 BL2 use the PolarSSL SSL library to verify certificates and images. The 10 OpenSSL library is used to create the X.509 certificates. Support has been 11 added to `fip_create` tool to package the certificates in a FIP. 12 13 * Support for calling CPU and platform specific reset handlers upon entry into 14 BL3-1 during the cold and warm boot paths has been added. This happens after 15 another Boot ROM `reset_handler()` has already run. This enables a developer 16 to perform additional actions or undo actions already performed during the 17 first call of the reset handlers e.g. apply additional errata workarounds. 18 19 * Support has been added to demonstrate routing of IRQs to EL3 instead of 20 S-EL1 when execution is in secure world. 21 22 * The PSCI implementation now conforms to version 1.0 of the PSCI 23 specification. All the mandatory APIs and selected optional APIs are 24 supported. In particular, support for the `PSCI_FEATURES` API has been 25 added. A capability variable is constructed during initialization by 26 examining the `plat_pm_ops` and `spd_pm_ops` exported by the platform and 27 the Secure Payload Dispatcher. This is used by the PSCI FEATURES function 28 to determine which PSCI APIs are supported by the platform. 29 30 * Improvements have been made to the PSCI code as follows. 31 32 * The code has been refactored to remove redundant parameters from 33 internal functions. 34 35 * Changes have been made to the code for PSCI `CPU_SUSPEND`, `CPU_ON` and 36 `CPU_OFF` calls to facilitate an early return to the caller in case a 37 failure condition is detected. For example, a PSCI `CPU_SUSPEND` call 38 returns `SUCCESS` to the caller if a pending interrupt is detected early 39 in the code path. 40 41 * Optional platform APIs have been added to validate the `power_state` and 42 `entrypoint` parameters early in PSCI `CPU_ON` and `CPU_SUSPEND` code 43 paths. 44 45 * PSCI migrate APIs have been reworked to invoke the SPD hook to determine 46 the type of Trusted OS and the CPU it is resident on (if 47 applicable). Also, during a PSCI `MIGRATE` call, the SPD hook to migrate 48 the Trusted OS is invoked. 49 50 * It is now possible to build Trusted Firmware without marking at least an 51 extra page of memory as coherent. The build flag `USE_COHERENT_MEM` can be 52 used to choose between the two implementations. This has been made possible 53 through these changes. 54 55 * An implementation of Bakery locks, where the locks are not allocated in 56 coherent memory has been added. 57 58 * Memory which was previously marked as coherent is now kept coherent 59 through the use of software cache maintenance operations. 60 61 Approximately, 4K worth of memory is saved for each boot loader stage when 62 `USE_COHERENT_MEM=0`. Enabling this option increases the latencies 63 associated with acquire and release of locks. It also requires changes to 64 the platform ports. 65 66 * It is now possible to specify the name of the FIP at build time by defining 67 the `FIP_NAME` variable. 68 69 * Issues with depedencies on the 'fiptool' makefile target have been 70 rectified. The `fip_create` tool is now rebuilt whenever its source files 71 change. 72 73 * The BL3-1 runtime console is now also used as the crash console. The crash 74 console is changed to SoC UART0 (UART2) from the previous FPGA UART0 (UART0) 75 on Juno. In FVP, it is changed from UART0 to UART1. 76 77 * CPU errata workarounds are applied only when the revision and part number 78 match. This behaviour has been made consistent across the debug and release 79 builds. The debug build additionally prints a warning if a mismatch is 80 detected. 81 82 * It is now possible to issue cache maintenance operations by set/way for a 83 particular level of data cache. Levels 1-3 are currently supported. 84 85 * The following improvements have been made to the FVP port. 86 87 * The build option `FVP_SHARED_DATA_LOCATION` which allowed relocation of 88 shared data into the Trusted DRAM has been deprecated. Shared data is 89 now always located at the base of Trusted SRAM. 90 91 * BL2 Translation tables have been updated to map only the region of 92 DRAM which is accessible to normal world. This is the region of the 2GB 93 DDR-DRAM memory at 0x80000000 excluding the top 16MB. The top 16MB is 94 accessible to only the secure world. 95 96 * BL3-2 can now reside in the top 16MB of DRAM which is accessible only to 97 the secure world. This can be done by setting the build flag 98 `FVP_TSP_RAM_LOCATION` to the value `dram`. 99 100 * Separate transation tables are created for each boot loader image. The 101 `IMAGE_BLx` build options are used to do this. This allows each stage to 102 create mappings only for areas in the memory map that it needs. 103 104 * A Secure Payload Dispatcher (OPTEED) for the OP-TEE Trusted OS has been 105 added. Details of using it with ARM Trusted Firmware can be found in 106 [OP-TEE Dispatcher] 107 108 109 110 Issues resolved since last release 111 ---------------------------------- 112 113 * The Juno port has been aligned with the FVP port as follows. 114 115 * Support for reclaiming all BL1 RW memory and BL2 memory by overlaying 116 the BL3-1/BL3-2 NOBITS sections on top of them has been added to the 117 Juno port. 118 119 * The top 16MB of the 2GB DDR-DRAM memory at 0x80000000 is configured 120 using the TZC-400 controller to be accessible only to the secure world. 121 122 * The ARM GIC driver is used to configure the GIC-400 instead of using a 123 GIC driver private to the Juno port. 124 125 * PSCI `CPU_SUSPEND` calls that target a standby state are now supported. 126 127 * The TZC-400 driver is used to configure the controller instead of direct 128 accesses to the registers. 129 130 * The Linux kernel version referred to in the user guide has DVFS and HMP 131 support enabled. 132 133 * DS-5 v5.19 did not detect Version 5.8 of the Cortex-A57-A53 Base FVPs in 134 CADI server mode. This issue is not seen with DS-5 v5.20 and Version 6.2 of 135 the Cortex-A57-A53 Base FVPs. 136 137 138 Known issues 139 ------------ 140 141 * The Trusted Board Boot implementation is a prototype. There are issues with 142 the modularity and scalability of the design. Support for a Trusted 143 Watchdog, firmware update mechanism, recovery images and Trusted debug is 144 absent. These issues will be addressed in future releases. 145 146 * The FVP and Juno ports do not use the hash of the ROTPK stored in the 147 Trusted Key Storage registers to verify the ROTPK in the 148 `plat_match_rotpk()` function. This prevents the correct establishment of 149 the Chain of Trust at the first step in the Trusted Board Boot process. 150 151 * The version of the AEMv8 Base FVP used in this release resets the model 152 instead of terminating its execution in response to a shutdown request using 153 the PSCI `SYSTEM_OFF` API. This issue will be fixed in a future version of 154 the model. 155 156 * GICv3 support is experimental. There are known issues with GICv3 157 initialization in the ARM Trusted Firmware. 158 159 * While this version greatly reduces the on-chip RAM requirements, there are 160 further RAM usage enhancements that could be made. 161 162 * The firmware design documentation for the Test Secure-EL1 Payload (TSP) and 163 its dispatcher (TSPD) is incomplete. Similarly for the PSCI section. 164 165 * The Juno-specific firmware design documentation is incomplete. 166 167 168 ARM Trusted Firmware - version 1.0 169 ================================== 170 171 New features 172 ------------ 173 174 * It is now possible to map higher physical addresses using non-flat virtual 175 to physical address mappings in the MMU setup. 176 177 * Wider use is now made of the per-CPU data cache in BL3-1 to store: 178 179 * Pointers to the non-secure and secure security state contexts. 180 181 * A pointer to the CPU-specific operations. 182 183 * A pointer to PSCI specific information (for example the current power 184 state). 185 186 * A crash reporting buffer. 187 188 * The following RAM usage improvements result in a BL3-1 RAM usage reduction 189 from 96KB to 56KB (for FVP with TSPD), and a total RAM usage reduction 190 across all images from 208KB to 88KB, compared to the previous release. 191 192 * Removed the separate `early_exception` vectors from BL3-1 (2KB code size 193 saving). 194 195 * Removed NSRAM from the FVP memory map, allowing the removal of one 196 (4KB) translation table. 197 198 * Eliminated the internal `psci_suspend_context` array, saving 2KB. 199 200 * Correctly dimensioned the PSCI `aff_map_node` array, saving 1.5KB in the 201 FVP port. 202 203 * Removed calling CPU mpidr from the bakery lock API, saving 160 bytes. 204 205 * Removed current CPU mpidr from PSCI common code, saving 160 bytes. 206 207 * Inlined the mmio accessor functions, saving 360 bytes. 208 209 * Fully reclaimed all BL1 RW memory and BL2 memory on the FVP port by 210 overlaying the BL3-1/BL3-2 NOBITS sections on top of these at runtime. 211 212 * Made storing the FP register context optional, saving 0.5KB per context 213 (8KB on the FVP port, with TSPD enabled and running on 8 CPUs). 214 215 * Implemented a leaner `tf_printf()` function, allowing the stack to be 216 greatly reduced. 217 218 * Removed coherent stacks from the codebase. Stacks allocated in normal 219 memory are now used before and after the MMU is enabled. This saves 768 220 bytes per CPU in BL3-1. 221 222 * Reworked the crash reporting in BL3-1 to use less stack. 223 224 * Optimized the EL3 register state stored in the `cpu_context` structure 225 so that registers that do not change during normal execution are 226 re-initialized each time during cold/warm boot, rather than restored 227 from memory. This saves about 1.2KB. 228 229 * As a result of some of the above, reduced the runtime stack size in all 230 BL images. For BL3-1, this saves 1KB per CPU. 231 232 * PSCI SMC handler improvements to correctly handle calls from secure states 233 and from AArch32. 234 235 * CPU contexts are now initialized from the `entry_point_info`. BL3-1 fully 236 determines the exception level to use for the non-trusted firmware (BL3-3) 237 based on the SPSR value provided by the BL2 platform code (or otherwise 238 provided to BL3-1). This allows platform code to directly run non-trusted 239 firmware payloads at either EL2 or EL1 without requiring an EL2 stub or OS 240 loader. 241 242 * Code refactoring improvements: 243 244 * Refactored `fvp_config` into a common platform header. 245 246 * Refactored the fvp gic code to be a generic driver that no longer has an 247 explicit dependency on platform code. 248 249 * Refactored the CCI-400 driver to not have dependency on platform code. 250 251 * Simplified the IO driver so it's no longer necessary to call `io_init()` 252 and moved all the IO storage framework code to one place. 253 254 * Simplified the interface the the TZC-400 driver. 255 256 * Clarified the platform porting interface to the TSP. 257 258 * Reworked the TSPD setup code to support the alternate BL3-2 259 intialization flow where BL3-1 generic code hands control to BL3-2, 260 rather than expecting the TSPD to hand control directly to BL3-2. 261 262 * Considerable rework to PSCI generic code to support CPU specific 263 operations. 264 265 * Improved console log output, by: 266 267 * Adding the concept of debug log levels. 268 269 * Rationalizing the existing debug messages and adding new ones. 270 271 * Printing out the version of each BL stage at runtime. 272 273 * Adding support for printing console output from assembler code, 274 including when a crash occurs before the C runtime is initialized. 275 276 * Moved up to the latest versions of the FVPs, toolchain, EDK2, kernel, Linaro 277 file system and DS-5. 278 279 * On the FVP port, made the use of the Trusted DRAM region optional at build 280 time (off by default). Normal platforms will not have such a "ready-to-use" 281 DRAM area so it is not a good example to use it. 282 283 * Added support for PSCI `SYSTEM_OFF` and `SYSTEM_RESET` APIs. 284 285 * Added support for CPU specific reset sequences, power down sequences and 286 register dumping during crash reporting. The CPU specific reset sequences 287 include support for errata workarounds. 288 289 * Merged the Juno port into the master branch. Added support for CPU hotplug 290 and CPU idle. Updated the user guide to describe how to build and run on the 291 Juno platform. 292 293 294 Issues resolved since last release 295 ---------------------------------- 296 297 * Removed the concept of top/bottom image loading. The image loader now 298 automatically detects the position of the image inside the current memory 299 layout and updates the layout to minimize fragementation. This resolves the 300 image loader limitations of previously releases. There are currently no 301 plans to support dynamic image loading. 302 303 * CPU idle now works on the publicized version of the Foundation FVP. 304 305 * All known issues relating to the compiler version used have now been 306 resolved. This TF version uses Linaro toolchain 14.07 (based on GCC 4.9). 307 308 309 Known issues 310 ------------ 311 312 * GICv3 support is experimental. The Linux kernel patches to support this are 313 not widely available. There are known issues with GICv3 initialization in 314 the ARM Trusted Firmware. 315 316 * While this version greatly reduces the on-chip RAM requirements, there are 317 further RAM usage enhancements that could be made. 318 319 * The firmware design documentation for the Test Secure-EL1 Payload (TSP) and 320 its dispatcher (TSPD) is incomplete. Similarly for the PSCI section. 321 322 * The Juno-specific firmware design documentation is incomplete. 323 324 * Some recent enhancements to the FVP port have not yet been translated into 325 the Juno port. These will be tracked via the tf-issues project. 326 327 * The Linux kernel version referred to in the user guide has DVFS and HMP 328 support disabled due to some known instabilities at the time of this 329 release. A future kernel version will re-enable these features. 330 331 * DS-5 v5.19 does not detect Version 5.8 of the Cortex-A57-A53 Base FVPs in 332 CADI server mode. This is because the `<SimName>` reported by the FVP in 333 this version has changed. For example, for the Cortex-A57x4-A53x4 Base FVP, 334 the `<SimName>` reported by the FVP is `FVP_Base_Cortex_A57x4_A53x4`, while 335 DS-5 expects it to be `FVP_Base_A57x4_A53x4`. 336 337 The temporary fix to this problem is to change the name of the FVP in 338 `sw/debugger/configdb/Boards/ARM FVP/Base_A57x4_A53x4/cadi_config.xml`. 339 Change the following line: 340 341 <SimName>System Generator:FVP_Base_A57x4_A53x4</SimName> 342 to 343 <SimName>System Generator:FVP_Base_Cortex-A57x4_A53x4</SimName> 344 345 A similar change can be made to the other Cortex-A57-A53 Base FVP variants. 346 347 348 ARM Trusted Firmware - version 0.4 349 ================================== 350 351 New features 352 ------------ 353 354 * Makefile improvements: 355 356 * Improved dependency checking when building. 357 358 * Removed `dump` target (build now always produces dump files). 359 360 * Enabled platform ports to optionally make use of parts of the Trusted 361 Firmware (e.g. BL3-1 only), rather than being forced to use all parts. 362 Also made the `fip` target optional. 363 364 * Specified the full path to source files and removed use of the `vpath` 365 keyword. 366 367 * Provided translation table library code for potential re-use by platforms 368 other than the FVPs. 369 370 * Moved architectural timer setup to platform-specific code. 371 372 * Added standby state support to PSCI cpu_suspend implementation. 373 374 * SRAM usage improvements: 375 376 * Started using the `-ffunction-sections`, `-fdata-sections` and 377 `--gc-sections` compiler/linker options to remove unused code and data 378 from the images. Previously, all common functions were being built into 379 all binary images, whether or not they were actually used. 380 381 * Placed all assembler functions in their own section to allow more unused 382 functions to be removed from images. 383 384 * Updated BL1 and BL2 to use a single coherent stack each, rather than one 385 per CPU. 386 387 * Changed variables that were unnecessarily declared and initialized as 388 non-const (i.e. in the .data section) so they are either uninitialized 389 (zero init) or const. 390 391 * Moved the Test Secure-EL1 Payload (BL3-2) to execute in Trusted SRAM by 392 default. The option for it to run in Trusted DRAM remains. 393 394 * Implemented a TrustZone Address Space Controller (TZC-400) driver. A 395 default configuration is provided for the Base FVPs. This means the model 396 parameter `-C bp.secure_memory=1` is now supported. 397 398 * Started saving the PSCI cpu_suspend 'power_state' parameter prior to 399 suspending a CPU. This allows platforms that implement multiple power-down 400 states at the same affinity level to identify a specific state. 401 402 * Refactored the entire codebase to reduce the amount of nesting in header 403 files and to make the use of system/user includes more consistent. Also 404 split platform.h to separate out the platform porting declarations from the 405 required platform porting definitions and the definitions/declarations 406 specific to the platform port. 407 408 * Optimized the data cache clean/invalidate operations. 409 410 * Improved the BL3-1 unhandled exception handling and reporting. Unhandled 411 exceptions now result in a dump of registers to the console. 412 413 * Major rework to the handover interface between BL stages, in particular the 414 interface to BL3-1. The interface now conforms to a specification and is 415 more future proof. 416 417 * Added support for optionally making the BL3-1 entrypoint a reset handler 418 (instead of BL1). This allows platforms with an alternative image loading 419 architecture to re-use BL3-1 with fewer modifications to generic code. 420 421 * Reserved some DDR DRAM for secure use on FVP platforms to avoid future 422 compatibility problems with non-secure software. 423 424 * Added support for secure interrupts targeting the Secure-EL1 Payload (SP) 425 (using GICv2 routing only). Demonstrated this working by adding an interrupt 426 target and supporting test code to the TSP. Also demonstrated non-secure 427 interrupt handling during TSP processing. 428 429 430 Issues resolved since last release 431 ---------------------------------- 432 433 * Now support use of the model parameter `-C bp.secure_memory=1` in the Base 434 FVPs (see **New features**). 435 436 * Support for secure world interrupt handling now available (see **New 437 features**). 438 439 * Made enough SRAM savings (see **New features**) to enable the Test Secure-EL1 440 Payload (BL3-2) to execute in Trusted SRAM by default. 441 442 * The tested filesystem used for this release (Linaro AArch64 OpenEmbedded 443 14.04) now correctly reports progress in the console. 444 445 * Improved the Makefile structure to make it easier to separate out parts of 446 the Trusted Firmware for re-use in platform ports. Also, improved target 447 dependency checking. 448 449 450 Known issues 451 ------------ 452 453 * GICv3 support is experimental. The Linux kernel patches to support this are 454 not widely available. There are known issues with GICv3 initialization in 455 the ARM Trusted Firmware. 456 457 * Dynamic image loading is not available yet. The current image loader 458 implementation (used to load BL2 and all subsequent images) has some 459 limitations. Changing BL2 or BL3-1 load addresses in certain ways can lead 460 to loading errors, even if the images should theoretically fit in memory. 461 462 * The ARM Trusted Firmware still uses too much on-chip Trusted SRAM. A number 463 of RAM usage enhancements have been identified to rectify this situation. 464 465 * CPU idle does not work on the advertised version of the Foundation FVP. 466 Some FVP fixes are required that are not available externally at the time 467 of writing. This can be worked around by disabling CPU idle in the Linux 468 kernel. 469 470 * Various bugs in ARM Trusted Firmware, UEFI and the Linux kernel have been 471 observed when using Linaro toolchain versions later than 13.11. Although 472 most of these have been fixed, some remain at the time of writing. These 473 mainly seem to relate to a subtle change in the way the compiler converts 474 between 64-bit and 32-bit values (e.g. during casting operations), which 475 reveals previously hidden bugs in client code. 476 477 * The firmware design documentation for the Test Secure-EL1 Payload (TSP) and 478 its dispatcher (TSPD) is incomplete. Similarly for the PSCI section. 479 480 481 ARM Trusted Firmware - version 0.3 482 ================================== 483 484 New features 485 ------------ 486 487 * Support for Foundation FVP Version 2.0 added. 488 The documented UEFI configuration disables some devices that are unavailable 489 in the Foundation FVP, including MMC and CLCD. The resultant UEFI binary can 490 be used on the AEMv8 and Cortex-A57-A53 Base FVPs, as well as the Foundation 491 FVP. 492 493 NOTE: The software will not work on Version 1.0 of the Foundation FVP. 494 495 * Enabled third party contributions. Added a new contributing.md containing 496 instructions for how to contribute and updated copyright text in all files 497 to acknowledge contributors. 498 499 * The PSCI CPU_SUSPEND API has been stabilised to the extent where it can be 500 used for entry into power down states with the following restrictions: 501 - Entry into standby states is not supported. 502 - The API is only supported on the AEMv8 and Cortex-A57-A53 Base FVPs. 503 504 * The PSCI AFFINITY_INFO api has undergone limited testing on the Base FVPs to 505 allow experimental use. 506 507 * Required C library and runtime header files are now included locally in ARM 508 Trusted Firmware instead of depending on the toolchain standard include 509 paths. The local implementation has been cleaned up and reduced in scope. 510 511 * Added I/O abstraction framework, primarily to allow generic code to load 512 images in a platform-independent way. The existing image loading code has 513 been reworked to use the new framework. Semi-hosting and NOR flash I/O 514 drivers are provided. 515 516 * Introduced Firmware Image Package (FIP) handling code and tools. A FIP 517 combines multiple firmware images with a Table of Contents (ToC) into a 518 single binary image. The new FIP driver is another type of I/O driver. The 519 Makefile builds a FIP by default and the FVP platform code expect to load a 520 FIP from NOR flash, although some support for image loading using semi- 521 hosting is retained. 522 523 NOTE: Building a FIP by default is a non-backwards-compatible change. 524 525 NOTE: Generic BL2 code now loads a BL3-3 (non-trusted firmware) image into 526 DRAM instead of expecting this to be pre-loaded at known location. This is 527 also a non-backwards-compatible change. 528 529 NOTE: Some non-trusted firmware (e.g. UEFI) will need to be rebuilt so that 530 it knows the new location to execute from and no longer needs to copy 531 particular code modules to DRAM itself. 532 533 * Reworked BL2 to BL3-1 handover interface. A new composite structure 534 (bl31_args) holds the superset of information that needs to be passed from 535 BL2 to BL3-1, including information on how handover execution control to 536 BL3-2 (if present) and BL3-3 (non-trusted firmware). 537 538 * Added library support for CPU context management, allowing the saving and 539 restoring of 540 - Shared system registers between Secure-EL1 and EL1. 541 - VFP registers. 542 - Essential EL3 system registers. 543 544 * Added a framework for implementing EL3 runtime services. Reworked the PSCI 545 implementation to be one such runtime service. 546 547 * Reworked the exception handling logic, making use of both SP_EL0 and SP_EL3 548 stack pointers for determining the type of exception, managing general 549 purpose and system register context on exception entry/exit, and handling 550 SMCs. SMCs are directed to the correct EL3 runtime service. 551 552 * Added support for a Test Secure-EL1 Payload (TSP) and a corresponding 553 Dispatcher (TSPD), which is loaded as an EL3 runtime service. The TSPD 554 implements Secure Monitor functionality such as world switching and 555 EL1 context management, and is responsible for communication with the TSP. 556 NOTE: The TSPD does not yet contain support for secure world interrupts. 557 NOTE: The TSP/TSPD is not built by default. 558 559 560 Issues resolved since last release 561 ---------------------------------- 562 563 * Support has been added for switching context between secure and normal 564 worlds in EL3. 565 566 * PSCI API calls `AFFINITY_INFO` & `PSCI_VERSION` have now been tested (to 567 a limited extent). 568 569 * The ARM Trusted Firmware build artifacts are now placed in the `./build` 570 directory and sub-directories instead of being placed in the root of the 571 project. 572 573 * The ARM Trusted Firmware is now free from build warnings. Build warnings 574 are now treated as errors. 575 576 * The ARM Trusted Firmware now provides C library support locally within the 577 project to maintain compatibility between toolchains/systems. 578 579 * The PSCI locking code has been reworked so it no longer takes locks in an 580 incorrect sequence. 581 582 * The RAM-disk method of loading a Linux file-system has been confirmed to 583 work with the ARM Trusted Firmware and Linux kernel version (based on 584 version 3.13) used in this release, for both Foundation and Base FVPs. 585 586 587 Known issues 588 ------------ 589 590 The following is a list of issues which are expected to be fixed in the future 591 releases of the ARM Trusted Firmware. 592 593 * The TrustZone Address Space Controller (TZC-400) is not being programmed 594 yet. Use of model parameter `-C bp.secure_memory=1` is not supported. 595 596 * No support yet for secure world interrupt handling. 597 598 * GICv3 support is experimental. The Linux kernel patches to support this are 599 not widely available. There are known issues with GICv3 initialization in 600 the ARM Trusted Firmware. 601 602 * Dynamic image loading is not available yet. The current image loader 603 implementation (used to load BL2 and all subsequent images) has some 604 limitations. Changing BL2 or BL3-1 load addresses in certain ways can lead 605 to loading errors, even if the images should theoretically fit in memory. 606 607 * The ARM Trusted Firmware uses too much on-chip Trusted SRAM. Currently the 608 Test Secure-EL1 Payload (BL3-2) executes in Trusted DRAM since there is not 609 enough SRAM. A number of RAM usage enhancements have been identified to 610 rectify this situation. 611 612 * CPU idle does not work on the advertised version of the Foundation FVP. 613 Some FVP fixes are required that are not available externally at the time 614 of writing. 615 616 * Various bugs in ARM Trusted Firmware, UEFI and the Linux kernel have been 617 observed when using Linaro toolchain versions later than 13.11. Although 618 most of these have been fixed, some remain at the time of writing. These 619 mainly seem to relate to a subtle change in the way the compiler converts 620 between 64-bit and 32-bit values (e.g. during casting operations), which 621 reveals previously hidden bugs in client code. 622 623 * The tested filesystem used for this release (Linaro AArch64 OpenEmbedded 624 14.01) does not report progress correctly in the console. It only seems to 625 produce error output, not standard output. It otherwise appears to function 626 correctly. Other filesystem versions on the same software stack do not 627 exhibit the problem. 628 629 * The Makefile structure doesn't make it easy to separate out parts of the 630 Trusted Firmware for re-use in platform ports, for example if only BL3-1 is 631 required in a platform port. Also, dependency checking in the Makefile is 632 flawed. 633 634 * The firmware design documentation for the Test Secure-EL1 Payload (TSP) and 635 its dispatcher (TSPD) is incomplete. Similarly for the PSCI section. 636 637 638 ARM Trusted Firmware - version 0.2 639 ================================== 640 641 New features 642 ------------ 643 644 * First source release. 645 646 * Code for the PSCI suspend feature is supplied, although this is not enabled 647 by default since there are known issues (see below). 648 649 650 Issues resolved since last release 651 ---------------------------------- 652 653 * The "psci" nodes in the FDTs provided in this release now fully comply 654 with the recommendations made in the PSCI specification. 655 656 657 Known issues 658 ------------ 659 660 The following is a list of issues which are expected to be fixed in the future 661 releases of the ARM Trusted Firmware. 662 663 * The TrustZone Address Space Controller (TZC-400) is not being programmed 664 yet. Use of model parameter `-C bp.secure_memory=1` is not supported. 665 666 * No support yet for secure world interrupt handling or for switching context 667 between secure and normal worlds in EL3. 668 669 * GICv3 support is experimental. The Linux kernel patches to support this are 670 not widely available. There are known issues with GICv3 initialization in 671 the ARM Trusted Firmware. 672 673 * Dynamic image loading is not available yet. The current image loader 674 implementation (used to load BL2 and all subsequent images) has some 675 limitations. Changing BL2 or BL3-1 load addresses in certain ways can lead 676 to loading errors, even if the images should theoretically fit in memory. 677 678 * Although support for PSCI `CPU_SUSPEND` is present, it is not yet stable 679 and ready for use. 680 681 * PSCI API calls `AFFINITY_INFO` & `PSCI_VERSION` are implemented but have not 682 been tested. 683 684 * The ARM Trusted Firmware make files result in all build artifacts being 685 placed in the root of the project. These should be placed in appropriate 686 sub-directories. 687 688 * The compilation of ARM Trusted Firmware is not free from compilation 689 warnings. Some of these warnings have not been investigated yet so they 690 could mask real bugs. 691 692 * The ARM Trusted Firmware currently uses toolchain/system include files like 693 stdio.h. It should provide versions of these within the project to maintain 694 compatibility between toolchains/systems. 695 696 * The PSCI code takes some locks in an incorrect sequence. This may cause 697 problems with suspend and hotplug in certain conditions. 698 699 * The Linux kernel used in this release is based on version 3.12-rc4. Using 700 this kernel with the ARM Trusted Firmware fails to start the file-system as 701 a RAM-disk. It fails to execute user-space `init` from the RAM-disk. As an 702 alternative, the VirtioBlock mechanism can be used to provide a file-system 703 to the kernel. 704 705 706 - - - - - - - - - - - - - - - - - - - - - - - - - - 707 708 _Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._ 709 710 [OP-TEE Dispatcher]: ./optee-dispatcher.md 711
