project/bcm63xx/atf.git
6 years agoMerge pull request #1256 from jeenu-arm/tsp-ehf
davidcunado-arm [Mon, 12 Feb 2018 09:52:08 +0000 (17:52 +0800)]
Merge pull request #1256 from jeenu-arm/tsp-ehf

TSP changes for EHF

6 years agoMerge pull request #1257 from vchong/poplar_maintainer
davidcunado-arm [Fri, 9 Feb 2018 03:38:12 +0000 (11:38 +0800)]
Merge pull request #1257 from vchong/poplar_maintainer

maintainers.rst: Add maintainer for plat Poplar

6 years agoMerge pull request #1251 from vchong/ld_img_v2
davidcunado-arm [Fri, 9 Feb 2018 03:36:51 +0000 (11:36 +0800)]
Merge pull request #1251 from vchong/ld_img_v2

poplar: misc updates

6 years agoMerge pull request #1260 from sandrine-bailleux-arm/topics/sb/fix-zlib-build
davidcunado-arm [Thu, 8 Feb 2018 17:14:52 +0000 (01:14 +0800)]
Merge pull request #1260 from sandrine-bailleux-arm/topics/sb/fix-zlib-build

zlib: Fix build error when LOG_LEVEL=50

6 years agozlib: Fix build error when LOG_LEVEL=50
Sandrine Bailleux [Wed, 7 Feb 2018 09:32:01 +0000 (10:32 +0100)]
zlib: Fix build error when LOG_LEVEL=50

When enabling VERBOSE() traces, the zlib library fails to compile
because of an incompatible format specifier string. Fix that.

Change-Id: I74ff1c8dc2e6157ee982f7754bce4504599e3013
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
6 years agoMerge pull request #1254 from masahir0y/bl2-at-el3
davidcunado-arm [Thu, 8 Feb 2018 05:33:11 +0000 (13:33 +0800)]
Merge pull request #1254 from masahir0y/bl2-at-el3

Fix zero_normalmem() for BL2_AT_EL3

6 years agohikey*, poplar: platform.mk: Fix typo in variable assignments
Victor Chong [Wed, 31 Jan 2018 15:37:49 +0000 (00:37 +0900)]
hikey*, poplar: platform.mk: Fix typo in variable assignments

Signed-off-by: Victor Chong <victor.chong@linaro.org>
6 years agopoplar: Support Trusted OS extra image (OP-TEE header) parsing
Victor Chong [Wed, 31 Jan 2018 15:35:39 +0000 (00:35 +0900)]
poplar: Support Trusted OS extra image (OP-TEE header) parsing

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
6 years agopoplar: Add LOAD_IMAGE_V2 support
Victor Chong [Wed, 31 Jan 2018 15:35:22 +0000 (00:35 +0900)]
poplar: Add LOAD_IMAGE_V2 support

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
6 years agopoplar: Add build option for dram size
Victor Chong [Mon, 29 Jan 2018 09:11:02 +0000 (18:11 +0900)]
poplar: Add build option for dram size

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
6 years agopoplar: Fix typo
Victor Chong [Mon, 29 Jan 2018 09:08:34 +0000 (18:08 +0900)]
poplar: Fix typo

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
6 years agopoplar: Remove unused function prototype
Victor Chong [Thu, 25 Jan 2018 16:41:24 +0000 (01:41 +0900)]
poplar: Remove unused function prototype

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Shawn Guo <shawn.guo@linaro.org>
6 years agomaintainers.rst: Add maintainer for plat Poplar
Victor Chong [Tue, 6 Feb 2018 06:11:12 +0000 (15:11 +0900)]
maintainers.rst: Add maintainer for plat Poplar

Signed-off-by: Victor Chong <victor.chong@linaro.org>
6 years agoMerge pull request #1173 from etienne-lms/armv7-qemu
davidcunado-arm [Wed, 7 Feb 2018 03:57:19 +0000 (11:57 +0800)]
Merge pull request #1173 from etienne-lms/armv7-qemu

support to boot OP-TEE on AArch32/Armv7+example with Cortex-A15/Qemu

6 years ago[fix] aarch32: optee: define the OP-TEE secure payload
Etienne Carriere [Tue, 6 Feb 2018 09:58:21 +0000 (10:58 +0100)]
[fix] aarch32: optee: define the OP-TEE secure payload

As per MISRA C-2012 Rule 10.4.
arg0 is a u_register_t, can be a 32bit or 64bit upon architecture.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
6 years agointerrupt-framework-design.rst: Cosmetic changes
Jeenu Viswambharan [Wed, 10 Jan 2018 14:56:03 +0000 (14:56 +0000)]
interrupt-framework-design.rst: Cosmetic changes

Change-Id: Id2e2800af59ca35fc0c4cfdddd9f5c5afd56a4db
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
6 years agoTSPD: Require NS preemption along with EL3 exception handling
Jeenu Viswambharan [Thu, 11 Jan 2018 14:30:22 +0000 (14:30 +0000)]
TSPD: Require NS preemption along with EL3 exception handling

At present, the build option TSP_NS_INTR_ASYNC_PREEMPT controls how
Non-secure interrupt affects TSPs execution. When TSP is executing:

  1. When TSP_NS_INTR_ASYNC_PREEMPT=0, Non-secure interrupts are received
     at the TSP's exception vector, and TSP voluntarily preempts itself.

  2. When TSP_NS_INTR_ASYNC_PREEMPT=1, Non-secure interrupts causes a
     trap to EL3, which preempts TSP execution.

When EL3 exception handling is in place (i.e.,
EL3_EXCEPTION_HANDLING=1), FIQs are always trapped to EL3. On a system
with GICv3, pending NS interrupts while TSP is executing will be
signalled as FIQ (which traps to EL3). This situation necessitates the
same treatment applied to case (2) above.

Therefore, when EL3 exception handling is in place, additionally
require that TSP_NS_INTR_ASYNC_PREEMPT is set to one 1.

Strictly speaking, this is not required on a system with GICv2, but the
same model is uniformly followed regardless, for simplicity.

Relevant documentation updated.

Change-Id: I928a8ed081fb0ac96e8b1dfe9375c98384da1ccd
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
6 years agoTSPD: Explicitly allow NS preemption for Yielding SMCs
Jeenu Viswambharan [Wed, 10 Jan 2018 15:22:49 +0000 (15:22 +0000)]
TSPD: Explicitly allow NS preemption for Yielding SMCs

When EL3 exception handling is in effect (i.e.,
EL3_EXCEPTION_HANDLING=1), Non-secure interrupts can't preempt Secure
execution. However, for yielding SMCs, preemption by Non-secure
interupts is intended.

This patch therefore adds a call to ehf_allow_ns_preemption() before
dispatching a Yielding SMC to TSP.

Change-Id: Ia3a1ae252f3adc0f14e6d7e0502f251bdb349bdf
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
6 years agoDeprecate one EL3 interrupt routing model with EL3 exception handling
Jeenu Viswambharan [Wed, 10 Jan 2018 15:00:20 +0000 (15:00 +0000)]
Deprecate one EL3 interrupt routing model with EL3 exception handling

When ARM Trusted Firmware is built with EL3_EXCEPTION_HANDLING=1,
EL3 interrupts (INTR_TYPE_EL3) will always preempt both Non-secure and
secure execution.

The interrupt management framework currently treats EL3 interrupt
routing as valid. For the above reason, this patch makes them invalid
when EL3_EXCEPTION_HANDLING is in effect.

Change-Id: I95bca8f5dc8df8eb0ff6f305cfba098611522a39
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
6 years agoAdd EL3_EXCEPTION_HANDLING to build command line
Jeenu Viswambharan [Tue, 6 Feb 2018 07:50:18 +0000 (07:50 +0000)]
Add EL3_EXCEPTION_HANDLING to build command line

Commit 21b818c05fa4ec8cec468aad690267c5be930ccd (BL31: Introduce
Exception Handling Framework) introduced the build option
EL3_EXCEPTION_HANDLING, but missed to pass that to the build command
line. This patch fixes that.

Change-Id: I0a1be2c7b41a81e748ad7d6cf795aab7f6d19193
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
6 years agoMerge pull request #1224 from masahir0y/gzip
davidcunado-arm [Tue, 6 Feb 2018 05:12:28 +0000 (05:12 +0000)]
Merge pull request #1224 from masahir0y/gzip

Support GZIP-compressed images for faster loading and verification

6 years agoqemu: support ARMv7/Cortex-A15
Etienne Carriere [Fri, 2 Feb 2018 12:23:22 +0000 (13:23 +0100)]
qemu: support ARMv7/Cortex-A15

Define Qemu AArch32 implementation for some platform functions
(core position, secondary boot cores, crash console). These are
derived from the AArch64 implementation.

BL31 on Qemu is needed only for ARMv8 and later. On ARMv7, BL32 is
the first executable image after BL2.

Support SP_MIN and OP-TEE as BL32: create a sp_min make script target
in Qemu, define mapping for IMAGE_BL32

Minor fix Qemu return value type for plat_get_ns_image_entrypoint().

Qemu model for the Cortex-A15 does not support the virtualization
extension although the core expects it. To overcome the issue, Qemu
ARMv7 configuration set ARCH_SUPPORTS_VIRTUALIZATION to 0.

Add missing AArch32 assembly macro arm_print_gic_regs from ARM platform
used by the Qemu platform.

Qemu Cortex-A15 model integrates a single cluster with up to 4 cores.

Change-Id: I65b44399071d6f5aa40d5183be11422b9ee9ca15
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
6 years agoaarch32: optee: define the OP-TEE secure payload
Etienne Carriere [Mon, 5 Feb 2018 09:42:42 +0000 (10:42 +0100)]
aarch32: optee: define the OP-TEE secure payload

AArch32 only platforms can boot the OP-TEE secure firmware as
a BL32 secure payload. Such configuration can be defined through
AARCH32_SP=optee.

The source files can rely on AARCH32_SP_OPTEE to condition
OP-TEE boot specific instruction sequences.

OP-TEE does not expect ARM Trusted Firmware formatted structure
as boot argument. Load sequence is expected to have already loaded
to OP-TEE boot arguments into the bl32 entrypoint info structure.

Last, AArch32 platform can only boot AArch32 OP-TEE images.

Change-Id: Ic28eec5004315fc9111051add6bb1a1d607fc815
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
6 years agoMerge pull request #1249 from masahir0y/uniphier
davidcunado-arm [Fri, 2 Feb 2018 22:59:16 +0000 (22:59 +0000)]
Merge pull request #1249 from masahir0y/uniphier

uniphier: fix and improve memory layout

6 years agoaarch32: use lr as bl32 boot argument on aarch32 only systems
Etienne Carriere [Fri, 2 Feb 2018 12:16:18 +0000 (13:16 +0100)]
aarch32: use lr as bl32 boot argument on aarch32 only systems

Add 'lr_svc' as a boot parameter in AArch32 bl1. This is used by Optee
and Trusty to get the non-secure entry point on AArch32 platforms.

This change is not ported in AArch64 mode where the BL31, not BL32,
is in charge of booting the non secure image (BL33).

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
6 years agoMerge pull request #1253 from dp-arm/dp/amu32
davidcunado-arm [Fri, 2 Feb 2018 11:14:17 +0000 (11:14 +0000)]
Merge pull request #1253 from dp-arm/dp/amu32

AMUv1 support for AArch32

6 years agouniphier: add ULL to physical address literals
Masahiro Yamada [Fri, 2 Feb 2018 06:55:13 +0000 (15:55 +0900)]
uniphier: add ULL to physical address literals

Looks like this is requirement in the pre-merge static analysis.

misra_violation: [Required] MISRA C-2012 Rule 7.2 violation:
Unsigned constants must be declared with U or u suffix.

Adding ULL as requested.  I used ULL() macros for BL*_{BASE,LIMIT}
because they are referenced from linker scripts.

Requested-by: David Cunado <david.cunado@arm.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agouniphier: allocate xlat region of on-chip SRAM only when needed
Masahiro Yamada [Tue, 30 Jan 2018 10:30:39 +0000 (19:30 +0900)]
uniphier: allocate xlat region of on-chip SRAM only when needed

Currently, the xlat region of the on-chip SRAM is always allocated
for all BL images.

The access to the on-chip SRAM is necessary for loading images from
a USB memory device (i.e. when updating firmware), so unneeded for
the usual boot procedure.

To avoid this waste, allocate the xlat region dynamically only for
BL2, and only when it is necessary.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agouniphier: get back original BL31/32 location used before BL2-AT-EL3
Masahiro Yamada [Tue, 30 Jan 2018 09:49:37 +0000 (18:49 +0900)]
uniphier: get back original BL31/32 location used before BL2-AT-EL3

Commit 247fc0435191 ("uniphier: switch to BL2-AT-EL3 and remove BL1
support") accidentally changed the location of BL31 and BL32.  The
new memory map overlaps with the audio DSP images, also gives impact
to OP-TEE.  They are both out of control of ARM Trusted Firmware, so
not easy to change.  This commit restores the image layout that was
originally used prior to the BL2-AT-EL3 migration.

Reported-by: Katsuhiro Suzuki <suzuki.katsuhiro@socionext.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoMerge pull request #1247 from rockchip-linux/rk3399/fixes-memory-corruptions
davidcunado-arm [Thu, 1 Feb 2018 23:29:34 +0000 (23:29 +0000)]
Merge pull request #1247 from rockchip-linux/rk3399/fixes-memory-corruptions

rockchip/rk3399: Fix memory corruptions or illegal memory access

6 years agoMerge pull request #1245 from antonio-nino-diaz-arm/an/checkpatch
davidcunado-arm [Thu, 1 Feb 2018 18:15:53 +0000 (18:15 +0000)]
Merge pull request #1245 from antonio-nino-diaz-arm/an/checkpatch

Analyze coding style of patches individually

6 years agouniphier: support GZIP-compressed images
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
uniphier: support GZIP-compressed images

Allow to handle GZIP-compressed images by giving FIP_GZIP=1 from the
command line.

- Images are GZIP-compressed, then packed into FIP.  If Trusted Board
  Boot is enabled, certificates are generated based on the compressed
  images.

- GZIP decompressor is linked into BL2 to decompress images at
  run-time.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agouniphier: add a helper to get image_info
Masahiro Yamada [Thu, 1 Feb 2018 12:37:40 +0000 (21:37 +0900)]
uniphier: add a helper to get image_info

In the next commit, I will have more usecases to get struct image_info
from image ID.  It is better to make a helper function at a different
layer.  I do not need the current uniphier_image_descs_fixup() since
the code is small enough to be squashed into the caller side.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoimage_decompress: add APIs for decompressing images
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
image_decompress: add APIs for decompressing images

These APIs are used by platforms that need to decompress images.

image_decompress_init():
  This registers a temporary buffer and a decompressor callback.
  This should be called from platform init code.

image_decompress_prepare():
  This should be called before each compressed image is loaded.  The
  best location to call this will be bl*_plat_handle_pre_image_load().

image_decompress():
  This should be called after each compressed image is loaded.  The
  best location to call this will be bl*_plat_handle_post_image_load().

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agobl1: add bl1_plat_handle_{pre,post}_image_load()
Masahiro Yamada [Thu, 1 Feb 2018 07:46:18 +0000 (16:46 +0900)]
bl1: add bl1_plat_handle_{pre,post}_image_load()

Just like bl2_, add pre/post image load handlers for BL1.  No argument
is needed since BL2 is the only image loaded by BL1.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agobl2: add bl2_plat_handle_pre_image_load()
Masahiro Yamada [Thu, 1 Feb 2018 07:45:51 +0000 (16:45 +0900)]
bl2: add bl2_plat_handle_pre_image_load()

There are cases where we need to manipulate image information before
the load.  For example, for decompressing data, we cannot load the
compressed images to their final destination.  Instead, we need to
load them to the temporary buffer for the decompressor.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoplat/common: move arch-agnostic fallback functions to C file
Masahiro Yamada [Thu, 1 Feb 2018 09:42:24 +0000 (18:42 +0900)]
plat/common: move arch-agnostic fallback functions to C file

When we add a new callback, we need to duplicate fallbacks among
plat/common/{aarch32,aarch64}/platform_helpers.S  This is tedious.

I created a new C file, then moved 3 functions:
  plat_error_handler
  bl2_plat_preload_setup
  plat_try_next_boot_source

They are called from C, so I do not see a good reason to implement
them in assembly.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agozlib: add gunzip() support
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
zlib: add gunzip() support

This commit adds some more files to use zlib from TF.

To use zlib, ->zalloc and ->zfree hooks are needed.  The implementation
depends on the system.  For user-space, the libc provides malloc() and
friends.  Unfortunately, ARM Trusted Firmware does not provide malloc()
or any concept of dynamic memory allocation.

I implemented very simple calloc() and free() for this.  Stupidly,
zfree() never frees memory, but it works enough for this.

The purpose of using zlib is to implement gunzip() - this function
takes compressed data from in_buf, then dumps the decompressed data
to oub_buf.  The work_buf is used for memory allocation during the
decompress.  Upon exit, it updates in_buf and out_buf.  If successful,
in_buf points to the end of input data, out_buf to the end of the
decompressed data.

To use this feature, you need to do:

 - include lib/zlib/zlib.mk from your platform.mk

 - add $(ZLIB_SOURCES) to your BL*_SOURCES

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agozlib: import zlib files from zlib 1.2.11
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
zlib: import zlib files from zlib 1.2.11

Import the following files from zlib 1.2.11:

   adler32.c
   crc32.c
   crc32.h
   inffast.c
   inffast.h
   inffixed.h
   inflate.c
   inflate.h
   inftrees.c
   inftrees.h
   zconf.h
   zlib.h
   zutil.c
   zutil.h

The original tarball is available from http://zlib.net/

The zlib is free software, distributed under the zlib license.  The
license text is included in the "zlib.h" file.  It should be compatible
with BSD-3-Clause.

The zlib license is included in the SPDX license list available at
https://spdx.org/licenses/, but I did not add the SPDX license tag to
the imported files above, to keep them as they are in the upstream
project.  This seems the general policy for ARM Trusted Firmware, as
SPDX License Identifier was not added to files imported from FreeBSD.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: add GZIP compression filter
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: add GZIP compression filter

One typical usage of the pre-tool image filter is data compression,
and GZIP is one of the most commonly used compression methods.
I guess this is generic enough to be put in the common script instead
of platform.mk.

If you want to use this, you can add something like follows to your
platform.mk:

    BL32_PRE_TOOL_FILTER := GZIP
    BL33_PRE_TOOL_FILTER := GZIP

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: support pre-tool image processing
Masahiro Yamada [Thu, 1 Feb 2018 07:31:09 +0000 (16:31 +0900)]
Build: support pre-tool image processing

There are cases where we want to process images before they are
passed to cert_create / fiptool.

My main motivation is data compression.  By compressing images, we can
save data storage, and possibly speed up loading images.  The image
verification will also get faster because certificates are generated
based on compressed images.

Other image transformation filters (for ex. encryption), and their
combinations would be possible.  So, our build system should support
transformation filters in a generic manner.

The choice of applied filters is up to platforms (so specified in
platform.mk)

To define a new filter, <FILTER_NAME>_RULE and <FILTER_NAME>_SUFFIX
are needed.

For example, the GZIP compression filter can be implemented as follows:

------------------------>8------------------------
define GZIP_RULE
$(1): $(2)
        @echo "  GZIP    $$@"
        $(Q)gzip -n -f -9 $$< --stdout > $$@
endef

GZIP_SUFFIX := .gz
------------------------>8------------------------

The _RULE defines how to create the target $(1) from the source $(2).
The _SUFFIX defines the extension appended to the processed image path.
The suffix is not so important because the file name information is not
propagated to FIP, but adding a sensible suffix will be good to classify
the data file.

Platforms can specify which filter is applied to which BL image, like
this:

------------------------>8------------------------
BL32_PRE_TOOL_FILTER := GZIP
BL33_PRE_TOOL_FILTER := GZIP
------------------------>8------------------------

<IMAGE_NAME>_PRE_TOOL_FILTER specifies per-image filter.  With this,
different images can be transformed differently.  For the case above,
only BL32 and BL33 are GZIP-compressed.  Nothing is done for other
images.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: change the first parameter of TOOL_ADD_IMG to lowercase
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: change the first parameter of TOOL_ADD_IMG to lowercase

In the next commit, I need the image name in lowercase because
output files are generally named in lowercase.

Unfortunately, TOOL_ADD_IMG takes the first argument in uppercase
since we generally use uppercase Make variables.

make_helpers/build_macros.mk provides 'uppercase' macro to convert
a string into uppercase, but 'lowercase' does not exist.  We can
implement it if we like, but it would be more straightforward to
change the argument of TOOL_ADD_IMG.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: make tools depend on $(BIN) instead of PHONY target
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: make tools depend on $(BIN) instead of PHONY target

The PHONY target "bl*" generate $(BIN) and $(DUMP), but host tools
(fiptool, cert_create) only need $(BIN).

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: remove third argument of CERT_ADD_CMD_OPT
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: remove third argument of CERT_ADD_CMD_OPT

The third argument was given "true" by images, but it was moved
to TOOL_ADD_PAYLOAD.  No more caller of CERT_ADD_CMD_OPT uses this.
So, the third argument is always empty.  Remove it.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: rename FIP_ADD_IMG to TOOL_ADD_IMG
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: rename FIP_ADD_IMG to TOOL_ADD_IMG

Now FIP_ADD_IMG takes care of both fiptool and cert_create
symmetrically.  Rename it so that it matches the behavior.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: rename FIP_ADD_PAYLOAD to TOOL_ADD_PAYLOAD
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: rename FIP_ADD_PAYLOAD to TOOL_ADD_PAYLOAD

Now FIP_ADD_PAYLOAD takes care of both fiptool and cert_create
symmetrically.  Rename it so that it matches the behavior.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: move cert_create arguments and dependency to FIP_ADD_PAYLOAD
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: move cert_create arguments and dependency to FIP_ADD_PAYLOAD

The fiptool and cert_create use the same command options for images.
It is pretty easy to handle both in the same, symmetrical way.

Move CRT_ARGS and CRT_DEPS to FIP_ADD_PAYLOAD.  This refactoring makes
sense because FIP_ADD_PAYLOAD is called from MAKE_BL (when building
images from source), and from FIP_ADD_IMG (when including external
images).  (FIP_ADD_PAYLOAD will be renamed later on since it now
caters to both fiptool and cert_create).

We can delete CERT_ADD_CMD_OPT for images in tbbr.mk.  It still
needs to call CERT_ADD_CMD_OPT directly for certificates.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: rip off unneeded $(eval ...) from buid macros
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: rip off unneeded $(eval ...) from buid macros

The callers of these macros are supposed to use $(eval $(call, ...)).
The $(eval ...) on the callee side is unneeded.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: merge build macros between FIP_ and FWU_FIP_
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: merge build macros between FIP_ and FWU_FIP_

The build system supports generating two FIP images, fip and fwu_fip.
Accordingly, we have similar build macros.

   FIP_ADD_PAYLOAD   <-->  FWU_FIP_ADD_PAYLOAD
   CERT_ADD_CMD_OPT  <-->  FWU_CERT_ADD_CMD_OPT
   FIP_ADD_IMG       <-->  FWU_FIP_ADD_IMG

The duplicated code increases the maintenance burden.  Also, the build
rule of BL2U looks clumsy - we want to call MAKE_BL to compile it from
source files, but we want to put it in fwu_fip.  We can not do it in a
single macro call since the current MAKE_BL does not support fwu_fip.

To refactor those in a clean way is to support one more argument to
specify the FIP prefix.  If it is empty, the images are targeted to
fip, whereas if the argument is "FWU_", targeted to fwu_fip.

The build macros prefixed with FWU_ go away.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: squash MAKE_TOOL_ARGS into MAKE_BL
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: squash MAKE_TOOL_ARGS into MAKE_BL

Now, MAKE_TOOL_ARGS is only called from MAKE_BL.  Squash it.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: refactor BL32 build rules
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: refactor BL32 build rules

This complicated if-conditional combo was introduced by commit
70d1fc5383b9 ("Fix build error when `BL32` is not defined") in order
to fix the compile error of "make all" when SPD=opteed is given.

The requirement for the build system is like follows:

 - If both BL32 and BL32_SOURCES are defined, the former takes
   precedence.

 - If BL32 is undefined but BL32_SOURCES is defined, we compile
   BL32 from the source files.

 - We want to let the build fail if neither of them is defined,
   but we want to check it only when we are building FIP.

Refactor the code to not call FIP_ADD_IMG twice.  The behavior is
still the same.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: replace $(call MAKE_TOOL_ARGS,...) with $(call FIP_ADD_IMG,...)
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: replace $(call MAKE_TOOL_ARGS,...) with $(call FIP_ADD_IMG,...)

We use $(call MAKE_TOOL_ARGS,...) or $(call FIP_ADD_IMG,...) where we
expect externally built images.  The difference between the two is
check_* target.  It now checks if the given path exists, so it is a
good thing to use $(call FIP_ADD_IMG,...) in all the places.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoBuild: check if specified external image exists
Masahiro Yamada [Fri, 26 Jan 2018 02:42:01 +0000 (11:42 +0900)]
Build: check if specified external image exists

check_* targets check if the required option are given, but do not
check the validity of the argument.  If the specified file does not
exist, let the build fail immediately instead of passing the invalid
file path to tools.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoMerge pull request #1240 from dp-arm/dp/smccc
davidcunado-arm [Thu, 1 Feb 2018 10:39:05 +0000 (10:39 +0000)]
Merge pull request #1240 from dp-arm/dp/smccc

Implement support for SMCCC v1.1 and optimize security mitigations for CVE-2017-5715 on AArch64

6 years agoMerge pull request #1236 from dbasehore/gic-save-restore
davidcunado-arm [Thu, 1 Feb 2018 08:58:23 +0000 (08:58 +0000)]
Merge pull request #1236 from dbasehore/gic-save-restore

RK3399 GIC save/restore

6 years agomisc_helpers: fix zero_normalmem() for BL2_AT_EL3
Masahiro Yamada [Thu, 1 Feb 2018 04:17:29 +0000 (13:17 +0900)]
misc_helpers: fix zero_normalmem() for BL2_AT_EL3

The assertion in zero_normalmem() fails for BL2_AT_EL3.  This mode is
executed in EL3, so it should check sctlr_el3 instead of sctlr_el1.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoAMU: Implement context save/restore for aarch32
Joel Hutton [Thu, 21 Dec 2017 15:21:20 +0000 (15:21 +0000)]
AMU: Implement context save/restore for aarch32

Add amu_context_save() and amu_context_restore() functions for aarch32

Change-Id: I4df83d447adeaa9d9f203e16dc5a919ffc04d87a
Signed-off-by: Joel Hutton <joel.hutton@arm.com>
6 years agoAMU: Add assembler helper functions for aarch32
Joel Hutton [Tue, 12 Dec 2017 15:47:55 +0000 (15:47 +0000)]
AMU: Add assembler helper functions for aarch32

Change-Id: Id6dfe885a63561b1d2649521bd020367b96ae1af
Signed-off-by: Joel Hutton <joel.hutton@arm.com>
6 years agoMerge pull request #1242 from afaerber/fiptool-hikey-pad
davidcunado-arm [Tue, 30 Jan 2018 20:50:16 +0000 (20:50 +0000)]
Merge pull request #1242 from afaerber/fiptool-hikey-pad

fiptool: Fix use after free

6 years agoMerge pull request #1220 from jwerner-chromium/JW_ld_bfd
davidcunado-arm [Tue, 30 Jan 2018 12:45:52 +0000 (12:45 +0000)]
Merge pull request #1220 from jwerner-chromium/JW_ld_bfd

Makefile: Use ld.bfd linker if available

6 years agoMerge pull request #1248 from stevecapperarm/fixes/pie-logic
davidcunado-arm [Tue, 30 Jan 2018 11:15:20 +0000 (11:15 +0000)]
Merge pull request #1248 from stevecapperarm/fixes/pie-logic

Correct the Makefile logic for disabling PIE

6 years agoMerge pull request #1235 from jwerner-chromium/JW_udelay
davidcunado-arm [Tue, 30 Jan 2018 08:59:35 +0000 (08:59 +0000)]
Merge pull request #1235 from jwerner-chromium/JW_udelay

Fix udelay issues that can make duration slightly too short

6 years agorockchip/rk3399: Fix memory corruptions or illegal memory access
Caesar Wang [Tue, 30 Jan 2018 01:11:24 +0000 (09:11 +0800)]
rockchip/rk3399: Fix memory corruptions or illegal memory access

Coverity scan done for the coreboot project found the issue:
Coverity (*** CID 1385418: Memory - illegal accesses (OVERRUN))
Coverity (*** CID 1385419: Memory - corruptions  (OVERRUN))

Fix the Converity error issue with store_cru[] loop needs to be one
element bigger.

Fixes: ARM-software/tf-issues#544
Change-Id: I420f0a660b24baaa5fc5e78fca242cf750c9bbc7
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
6 years agoMerge pull request #1237 from sandrine-bailleux-arm/sb/spm-timer
davidcunado-arm [Mon, 29 Jan 2018 23:16:27 +0000 (23:16 +0000)]
Merge pull request #1237 from sandrine-bailleux-arm/sb/spm-timer

SPM: Map devices in the 1st GB

6 years agoMerge pull request #1246 from sandrine-bailleux-arm/topics/sb/fix-cnp-doc
davidcunado-arm [Mon, 29 Jan 2018 22:46:27 +0000 (22:46 +0000)]
Merge pull request #1246 from sandrine-bailleux-arm/topics/sb/fix-cnp-doc

Fix documentation for CnP bit

6 years agoMerge pull request #1243 from afaerber/hikey-docs
davidcunado-arm [Mon, 29 Jan 2018 22:45:35 +0000 (22:45 +0000)]
Merge pull request #1243 from afaerber/hikey-docs

docs: hikey: Fix typo

6 years agoMakefile: Use ld.bfd linker if available
Julius Werner [Wed, 10 Jan 2018 23:12:47 +0000 (15:12 -0800)]
Makefile: Use ld.bfd linker if available

Some toolchain distributions install both the BFD and GOLD linkers under
the names <target>-ld.bfd and <target>-ld.gold. <target>-ld will then be
a symlink that may point to either one of these.

Trusted Firmware should always be linked with the BFD linker, since GOLD
is meant primarily for userspace programs and doesn't support many of
the more obscure linker script features that may be needed for firmware.
With this patch the Makefile will auto-detect if ld.bfd is available and
use it explicitly in that case.

Change-Id: I7017055f67db3bd57d191d20a7af06ca646937d7
Signed-off-by: Julius Werner <jwerner@chromium.org>
6 years agoFix documentation for CnP bit
Sandrine Bailleux [Mon, 29 Jan 2018 13:48:15 +0000 (14:48 +0100)]
Fix documentation for CnP bit

The CnP bit documentation in the Firmware Design Guide incorrectly
used the term "Page Entries" instead of "Processing Elements".
Fix that.

Change-Id: Ie44ee99c281b7b1a9ad90fba2c7d109f12425507
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
6 years agoAnalyze coding style of patches individually
Antonio Nino Diaz [Mon, 29 Jan 2018 12:00:31 +0000 (12:00 +0000)]
Analyze coding style of patches individually

With the old system `checkpatch.pl` gets one sole input that consists of
the commit message and commit diff of each commit between BASE_COMMIT
and HEAD. It also filters out changes in some files, which makes `git
format-patch` completely ignore that commit, even the commit message.

With the new system the commit message and commit diff are analyzed
separately. This means that, even if all the files modified by a commit
are filtered out, the commit message will still be analyzed.

Also, all commits are analyzed individually. This way it's easier to
know which commit caused the problem, and there are no warnings about
repeated "Signed-off-by" lines.

Change-Id: Ic676a0b76801bb2607141a8d73dc3a942dc01c0e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
6 years agoOptimize SMCCC_ARCH_WORKAROUND_1 on Cortex A57/A72/A73 and A75
Dimitris Papastamos [Mon, 8 Jan 2018 13:57:39 +0000 (13:57 +0000)]
Optimize SMCCC_ARCH_WORKAROUND_1 on Cortex A57/A72/A73 and A75

This patch implements a fast path for this SMC call on affected PEs by
detecting and returning immediately after executing the workaround.

NOTE: The MMU disable/enable workaround now assumes that the MMU was
enabled on entry to EL3.  This is a valid assumption as the code turns
on the MMU after reset and leaves it on until the core powers off.

Change-Id: I13c336d06a52297620a9760fb2461b4d606a30b3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoOptimize/cleanup BPIALL workaround
Dimitris Papastamos [Thu, 11 Jan 2018 15:29:36 +0000 (15:29 +0000)]
Optimize/cleanup BPIALL workaround

In the initial implementation of this workaround we used a dedicated
workaround context to save/restore state.  This patch reduces the
footprint as no additional context is needed.

Additionally, this patch reduces the memory loads and stores by 20%,
reduces the instruction count and exploits static branch prediction to
optimize the SMC path.

Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoAdd support for SMCCC_VERSION in PSCI features
Dimitris Papastamos [Mon, 22 Jan 2018 12:58:52 +0000 (12:58 +0000)]
Add support for SMCCC_VERSION in PSCI features

On some platforms it may be necessary to discover the SMCCC version
via a PSCI features call.

Change-Id: I95281ac2263ca9aefda1809eb03464fbdb8ac24d
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoImplement support for SMCCC v1.1
Dimitris Papastamos [Fri, 19 Jan 2018 16:58:29 +0000 (16:58 +0000)]
Implement support for SMCCC v1.1

SMCCC v1.1 comes with a relaxed calling convention for AArch64
callers.  The caller only needs to save x0-x3 before doing an SMC
call.

This patch adds support for SMCCC_VERSION and SMCCC_ARCH_FEATURES.

Refer to "Firmware Interfaces for mitigating CVE_2017_5715 System
Software on Arm Systems"[0] for more information.

[0] https://developer.arm.com/-/media/developer/pdf/ARM%20DEN%200070A%20Firmware%20interfaces%20for%20mitigating%20CVE-2017-5715_V1.0.pdf

Change-Id: If5b1c55c17d6c5c7cb9c2c3ed355d3a91cdad0a9
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoruntime_exceptions: Save x4-x29 unconditionally
Dimitris Papastamos [Mon, 22 Jan 2018 11:53:04 +0000 (11:53 +0000)]
runtime_exceptions: Save x4-x29 unconditionally

In preparation for SMCCC v1.1 support, save x4 to x29 unconditionally.
Previously we expected callers coming from AArch64 mode to preserve
x8-x17.  This is no longer the case with SMCCC v1.1 as AArch64 callers
only need to save x0-x3.

Change-Id: Ie62d620776533969ff4a02c635422f1b9208be9c
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoDisable workaround for CVE-2017-5715 on unaffected platforms
Dimitris Papastamos [Wed, 24 Jan 2018 16:41:14 +0000 (16:41 +0000)]
Disable workaround for CVE-2017-5715 on unaffected platforms

Change-Id: Ib67b841ab621ca1ace3280e44cf3e1d83052cb73
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoMerge pull request #1241 from vchong/fixmemprot
davidcunado-arm [Mon, 29 Jan 2018 09:54:52 +0000 (09:54 +0000)]
Merge pull request #1241 from vchong/fixmemprot

hikey: fix assert in sec_protect()

6 years agoSPM: Map devices in the 1st GB
Sandrine Bailleux [Fri, 12 Jan 2018 14:50:12 +0000 (15:50 +0100)]
SPM: Map devices in the 1st GB

This patch maps the devices in the first GB of the system address map
on the FVP into the S-EL1&0 translation regime when SPM support is
enabled. This grants the Secure Partition access to the devices in
this region, for example the memory-mapped Generic Timer device.

Change-Id: I3aeea65f859ecbe83efde2acee20c55500c451bc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
6 years agodocs: hikey: Fix typo
Andreas Färber [Mon, 29 Jan 2018 01:47:10 +0000 (02:47 +0100)]
docs: hikey: Fix typo

The correct name of the manufacturer is LeMaker.

Signed-off-by: Andreas Färber <afaerber@suse.de>
6 years agofiptool: Fix use after free
Andreas Färber [Sat, 27 Jan 2018 15:46:59 +0000 (16:46 +0100)]
fiptool: Fix use after free

Commit 880b9e8b4c99ad99eee14079d5a6162733ef4931 (Add padding at the end
of the last entry) added code using toc_entry pointer, whose memory is
already freed via variable buf. This causes enormous padding on openSUSE.

Free the memory buffer only after padding is done.

Signed-off-by: Andreas Färber <afaerber@suse.de>
6 years agohikey: fix assert in sec_protect()
Victor Chong [Sat, 27 Jan 2018 12:36:12 +0000 (21:36 +0900)]
hikey: fix assert in sec_protect()

`assert(e)` was used in place of `if (e) ERROR()` when sec_protect()
was ported from hikey fork so the logic should have been reversed.

Fixes: 3d5d9f5a ("hikey: configure the top 16MB of DRAM as secure")
Fixes: 52988b38 ("hikey: configure 4 MB of secure DRAM for OP-TEE
Secure Data Path")
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>
6 years agoMerge pull request #1205 from petegriffin/hikey-protect-memory
davidcunado-arm [Fri, 26 Jan 2018 17:29:36 +0000 (17:29 +0000)]
Merge pull request #1205 from petegriffin/hikey-protect-memory

Hikey protect optee / sdp memory

6 years agorockchip: Disable rdist before pwr_dm_suspend is called
Derek Basehore [Fri, 26 Jan 2018 06:05:41 +0000 (22:05 -0800)]
rockchip: Disable rdist before pwr_dm_suspend is called

This disables the redistributor before either of the pwr_dm_suspend
functions are called. This is because the rdist save code in the
rk3399 rockchip_soc_sys_pwr_dm_suspend function requires that each
redistributor be disabled before saving state.

Signed-off-by: Derek Basehore <dbasehore@chromium.org>
6 years agodelay_timer: Guarantee that delay time can never be undershot
Julius Werner [Mon, 22 Jan 2018 22:02:03 +0000 (14:02 -0800)]
delay_timer: Guarantee that delay time can never be undershot

Delay functions like udelay() are often used to ensure that the
necessary time passed to allow some asynchronous event to finish, such
as the stabilization delay for a power rail. For these use cases it is
not very problematic if the delay is slightly longer than requested,
but it is critical that the delay must never be shorter.

The current udelay() implementation contains two hazards that may cause
the delay to be slightly shorter than intended: Firstly, the amount of
ticks to wait is calculated with an integer division, which may cut off
the last fraction of ticks needed. Secondly, the delay may be short by a
fraction of a tick because we do not know whether the initial ("start")
sample of the timer was near the start or near the end of the current
tick. Thus, if the code intends to wait for one tick, it might read the
timer value close to the end of the current tick and then read it again
right after the start of the next tick, concluding that the duration of
a full tick has passed when it in fact was just a fraction of it.

This patch rounds up the division and always adds one extra tick to
counteract both problems and ensure that delays will always be larger
but never smaller than requested.

Change-Id: Ic5fe5f858b5cdf3c0dbf3e488d4d5702d9569433
Signed-off-by: Julius Werner <jwerner@chromium.org>
6 years agoMerge pull request #1232 from masahir0y/uniphier
davidcunado-arm [Thu, 25 Jan 2018 16:36:43 +0000 (16:36 +0000)]
Merge pull request #1232 from masahir0y/uniphier

uniphier: migrate to BL2-AT-EL3

6 years agoMerge pull request #1234 from SNG-ARM/master
davidcunado-arm [Thu, 25 Jan 2018 00:52:01 +0000 (00:52 +0000)]
Merge pull request #1234 from SNG-ARM/master

SPM: Declare explicit width based types in secure_partition_boot_info…

6 years agoMerge pull request #1231 from Leo-Yan/hikey960_enable_fiq_handling
davidcunado-arm [Thu, 25 Jan 2018 00:07:06 +0000 (00:07 +0000)]
Merge pull request #1231 from Leo-Yan/hikey960_enable_fiq_handling

Hikey960: Enable invalid FIQ handling

6 years agoMerge pull request #1228 from dp-arm/dp/cve_2017_5715
davidcunado-arm [Thu, 25 Jan 2018 00:06:50 +0000 (00:06 +0000)]
Merge pull request #1228 from dp-arm/dp/cve_2017_5715

Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting

6 years agoMerge pull request #1223 from vchong/poplar_bl1loadsfip
davidcunado-arm [Wed, 24 Jan 2018 23:00:01 +0000 (23:00 +0000)]
Merge pull request #1223 from vchong/poplar_bl1loadsfip

poplar: Enable emmc and recovery build support

6 years agoMerge pull request #1193 from jwerner-chromium/JW_coreboot
davidcunado-arm [Wed, 24 Jan 2018 14:31:53 +0000 (14:31 +0000)]
Merge pull request #1193 from jwerner-chromium/JW_coreboot

New console API and coreboot support [v4]

6 years agouniphier: switch to BL2-AT-EL3 and remove BL1 support
Masahiro Yamada [Tue, 19 Dec 2017 02:56:05 +0000 (11:56 +0900)]
uniphier: switch to BL2-AT-EL3 and remove BL1 support

UniPhier platform implements non-TF boot ROM.  Prior to the BL2-AT-EL3
support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2
is entered at EL1-S.  Now, this platform is able to avoid this waste.

Enable the BL2_AT_EL3 option, and remove BL1.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agouniphier: set PROGRAMMABLE_RESET_ADDRESS to disable warm boot mailbox
Masahiro Yamada [Mon, 22 Jan 2018 09:35:16 +0000 (18:35 +0900)]
uniphier: set PROGRAMMABLE_RESET_ADDRESS to disable warm boot mailbox

The warm boot mailbox code is compiled if PROGRAMMABLE_RESET_ADDRESS
is disabled.

The warm boot mailbox is useless for UniPhier SoC family because BL1
is not the first image.  The UniPhier platform implements non-TF ROM,
then BL1 works as a pseudo ROM, so it is never executed in the warm
boot.

The reset vector address is not actually programmable for UniPhier
platform, but it should not hurt to enable PROGRAMMABLE_RESET_ADDRESS
to disable the mailbox and remove pointless plat_get_my_entrypoint.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoMerge pull request #1233 from soby-mathew/sm/rm_uniphier_override
davidcunado-arm [Wed, 24 Jan 2018 12:31:06 +0000 (12:31 +0000)]
Merge pull request #1233 from soby-mathew/sm/rm_uniphier_override

Allow API deprecation for uniphier platform

6 years agohikey: configure 4 MB of secure DRAM for OP-TEE Secure Data Path
Peter Griffin [Thu, 21 Dec 2017 18:03:46 +0000 (18:03 +0000)]
hikey: configure 4 MB of secure DRAM for OP-TEE Secure Data Path

Update the memory firewall configuration to reserve 4 MB of secure RAM
for use by the kernel and OP-TEE as the Secure Data Path pool.
Note that this address range (0x3E800000 - 0x3EC00000) falls in the
range already set aside by UEFI (which reserves the upper 32 MB of the
1GB DRAM for OP-TEE [1]) and was previously unused.

[1] https://github.com/96boards-hikey/edk2/blob/hikey/HisiPkg/HiKeyPkg/Library/HiKeyLib/HiKeyMem.c#L44
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Acked-by: Victor Chong <victor.chong@linaro.org>
6 years agohikey: configure the top 16MB of DRAM as secure
Jerome Forissier [Mon, 4 May 2015 07:40:03 +0000 (09:40 +0200)]
hikey: configure the top 16MB of DRAM as secure

DRAM region 0x3f000000 - 0x3fffffff is reserved for OP-TEE and should
therefore be accessible only from secure world.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Acked-by: Victor Chong <victor.chong@linaro.org>
6 years agorockchip/rk3399: Save and restore GIC
Derek Basehore [Wed, 24 Jan 2018 01:18:57 +0000 (17:18 -0800)]
rockchip/rk3399: Save and restore GIC

This adds calls to the GICv3 save/restore functions for the GIC
distributor and redistributor.

Signed-off-by: Derek Basehore <dbasehore@chromium.org>
6 years agorockchip/rk3399: Add udelay to wait loops
Derek Basehore [Wed, 24 Jan 2018 00:24:43 +0000 (16:24 -0800)]
rockchip/rk3399: Add udelay to wait loops

We were looping for MAX_WAIT_COUNT in several places without any
delays, so this adds the delays to make those loops more predictable.

Signed-off-by: Derek Basehore <dbasehore@chromium.org>
6 years agorockchip/rk3399: Fix QOS save/restore
Derek Basehore [Wed, 24 Jan 2018 00:02:27 +0000 (16:02 -0800)]
rockchip/rk3399: Fix QOS save/restore

The code was accidentally restoring the QOS on suspend and saving the
QOS on resume. This is the opposite of what we want.

Signed-off-by: Derek Basehore <dbasehore@chromium.org>
6 years agoGICv3: Fix Dist restore for when the GIC is reset
Derek Basehore [Tue, 23 Jan 2018 23:49:17 +0000 (15:49 -0800)]
GICv3: Fix Dist restore for when the GIC is reset

If the GIC loses power during suspend, which the restore code was
written for, exit early in the post restore power sequence. This
prevents an assert from tripping, and the power sequence isn't needed
in this case anyways.

Signed-off-by: Derek Basehore <dbasehore@chromium.org>
6 years agorockchip/rk3399: Change PD_CTR_LOOP to 10000
Derek Basehore [Tue, 23 Jan 2018 23:44:31 +0000 (15:44 -0800)]
rockchip/rk3399: Change PD_CTR_LOOP to 10000

This brings ATF into line with the kernel on the timeout for power
domains turning on. We could actually timeout (when we shouldn't) on
resume when turning power domains on. The guaranteed maximum delay is
now 10ms.

Signed-off-by: Derek Basehore <dbasehore@chromium.org>
6 years agoCorrect the Makefile logic for disabling PIE
Steve Capper [Tue, 23 Jan 2018 03:30:05 +0000 (03:30 +0000)]
Correct the Makefile logic for disabling PIE

In the Makefile we use findstring to locate gcc toolchains
that have PIE enabled by default.

Unfortunately the result of findstring is compared against
an integer, 1, rather than a non-empty string; the logic to
disable PIE then doesn't get applied.

This patch fixes the flag test.

Fixes: f7ec31db2db3 ("Disable PIE compilation option")
Change-Id: I4cd2866974e313d6b408f9681311d78a208ab468
Signed-off-by: Steve Capper <steve.capper@arm.com>