Updates to Elfloader from seL4 10.1.x to 11.0.x

Externally visible changes

  • Add Arm Fixed Virtual Platform(FVP) support. This also includes multicore
  • Add support for the 64-bit i.MX8M Quad evaluation kit. Currently only AArch64 EL1 is supported. This also includes multicore.
  • Add support for the 64-bit i.MX8M Mini Quad evaluation kit. Currently only AArch64 EL1 is supported.
  • Add support for rockpro64 Soc
  • Add qemu-arm-virt platform support
  • Remove ancient platforms: nslu2 and realview have never been supported by any (public) release of the kernel.
  • Add TX2 multicore support. Brings up as many cores as configured by CONFIG_MAX_NUM_NODES.
  • Add multicore support for zynqmp
  • Add multicore support for RISCV
  • Fix ARM CPUID message on EFI: At O2 and higher, the switch gets optimised into a table of strings. Unfortunately, the compiler doesn’t properly handle this when building position-independent code with -fpic
  • Enable ElfloaderMonitorHook config option for imx6
  • fvp: Save MPIDR_EL1 in TPIDR_EL0. On FVP, The MPIDR_EL1 changes to 0x80000000 after MMU is enabled for unknown reason. We save the MPIDR_EL1 in TPIDR_EL0 before switching the MMU, and the correct MPIDR_EL1 can be picked up by the kernel from TPIDR_EL0.
  • Pass DTB from bootloader to seL4 on ARM. On ARM, we expect the physical address of the dtb to be passed in r2 on aarch32 or x0 on aarch64. The elfloader then moves the dtb to immediately after where the kernel is loaded in memory, and passes that address on to the kernel.
  • Add aarch32 EFI support. This makes the ELF loader relocatable on aarch32, and generates the appropriate EFI header for aarch32 boards.
  • Support using DTB provided by EFI. This adds support for loading a DTB provided by an EFI implementation in the EFI system tables, identified by a GUID.
  • Support loading DTB from CPIO archive. On platforms where the bootloader does not provide a DTB, we may still want to provide userspace with a DTB - allow including it in the CPIO archive, named “kernel.dtb”.
  • Prefer DTB passed from CPIO archive when multiple DTBs are available
  • Enable nvidia-specific TX2 SERR extensions.
  • Add option to place the user image at the end of physical memory
  • Support leaving aarch64 EL2 to aarch32. This allows aarch32 seL4 kernel configurations to be loaded from a 64bit entry point.
  • Dynamically compute image start address. Stop hard-coding an address at which the ELF-loader will be loaded into physical memory. Instead, dynamically compute where it should go based on the size and locations of the payloads (kernel plus rootserver) it will extract, and place the image just above their end. Futhermore, for U-Boot images, pass the computed load address through to the mkimage command instead of using a hard-coded one (for this format the load address and entry address are identical).
  • Still allow statically configuring image start address via -DIMAGE_START_ADDR=0xaddress
  • Support aarch64 2MiB kernel load addresses Previously the input kernel vaddr had to be 1GiB aligned. Now it can be only 2MiB aligned. The paddr previously required 2MiB alignment and this is still the case.
  • CMake: Add Findelfloader-tool.cmake module This adds support for importing this project via find_package(elfloader-tool) if the project exists in the CMAKE_MODULE_PATH.
  • output: use CR LF as line break and not LF CR for all console output.

Implementation changes

  • Switch to new libcpio API: This newer API requires passing in the length of the archive to prevent buffer overflows.
  • Style CMake files consistently
  • Provide weak default for platform_init. This removes the need for empty duplicates per platform.
  • Style source files
  • RISCV: Map the elfloader to a separate address space on 64-bit machine.
  • Add basic memmove implementation
  • support relocating on ARM. Under EFI, we can’t control where the ELF loader is loaded - and so it might be loaded above the kernel’s first vaddr. If this is the case, once we turn the MMU on the ELF loader will no longer be accessible and the system will not boot. When this occurs, workaround it by relocating the ELF loader below the kernel.
  • Improve diagnostic error and warning messages.
  • Explicitly link sel4_autoconf and elfloader_Config since the global config lib is removed
  • Fix hashing implementation. Fixes a bug in the parameters being given to the hash functions.
  • RISC-V: Add fence.i before kernel start. This fence operation ensures that writes to memory that will be executed are visible to the instruction stream.
  • Support 40-bit PA. Configure the EL2_TCR register with the correct PS value.
  • output: introduce plat_console_putchar(). drop __fputc() and provide plat_console_putchar() instead. Duplicated CR LF handling is removed from the platform code and happens centralized in arch_write_char()
  • Support multiple RISC-V hart entries. On multi-hart platforms, the bbl will call the payload’s entrypoint on each hart and it is up to the payload to synchronise them for a deterministic start order. Harts that aren’t required by the kernel get placed into a wfi loop.
  • Follow Arm calling conventions in monitor mode SMC handlers for TK1 and imx6.