project/bcm63xx/atf.git
6 years agoMerge pull request #1218 from antonio-nino-diaz-arm/an/xlat-fix
davidcunado-arm [Tue, 16 Jan 2018 01:10:13 +0000 (01:10 +0000)]
Merge pull request #1218 from antonio-nino-diaz-arm/an/xlat-fix

xlat v2: Correctly unmap regions on map error

6 years agoMerge pull request #1216 from hzhuang1/fix_psci
davidcunado-arm [Tue, 16 Jan 2018 01:09:57 +0000 (01:09 +0000)]
Merge pull request #1216 from hzhuang1/fix_psci

Hikey960: Fix hikey960 pcie mount fail

6 years agoMerge pull request #1215 from vwadekar/tlkd-ns-dram-ranges
davidcunado-arm [Tue, 16 Jan 2018 01:09:37 +0000 (01:09 +0000)]
Merge pull request #1215 from vwadekar/tlkd-ns-dram-ranges

spd: tlkd: support for "NS memory ranges" function ID

6 years agoMerge pull request #1217 from robertovargas-arm/doc-plat_try_next_boot_source
davidcunado-arm [Mon, 15 Jan 2018 23:58:52 +0000 (23:58 +0000)]
Merge pull request #1217 from robertovargas-arm/doc-plat_try_next_boot_source

Add documentation about plat_try_next_boot_source to bl1_platform_setup

6 years agoMerge pull request #1213 from masahir0y/uniphier
davidcunado-arm [Mon, 15 Jan 2018 23:58:20 +0000 (23:58 +0000)]
Merge pull request #1213 from masahir0y/uniphier

uniphier: clean-up platform makefile

6 years agoMerge pull request #1225 from dp-arm/dp/amu-remove-warn
davidcunado-arm [Mon, 15 Jan 2018 16:37:39 +0000 (16:37 +0000)]
Merge pull request #1225 from dp-arm/dp/amu-remove-warn

AMU: Remove unnecessary WARN()

6 years agoAMU: Remove unnecessary WARN()
Dimitris Papastamos [Mon, 15 Jan 2018 14:52:57 +0000 (14:52 +0000)]
AMU: Remove unnecessary WARN()

If AMU is not supported by the hardware but it is enabled in Trusted
Firmware, the console will be spammed with warnings every time a CPU
is brought up with a CPU ON call.

Remove the warning message as this is more in line with how other
extensions like SPE and SVE are handled.

Change-Id: Iba6d367e4d1375ab554d23d2eaceab3ae1362c5a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoMerge pull request #1197 from dp-arm/dp/amu
davidcunado-arm [Fri, 12 Jan 2018 09:02:24 +0000 (09:02 +0000)]
Merge pull request #1197 from dp-arm/dp/amu

AMUv1 support

6 years agoMerge pull request #1214 from dp-arm/dp/cve_2017_5715
davidcunado-arm [Thu, 11 Jan 2018 23:39:30 +0000 (23:39 +0000)]
Merge pull request #1214 from dp-arm/dp/cve_2017_5715

Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75

6 years agoMerge pull request #1222 from davidcunado-arm/dp/bl31_mem
davidcunado-arm [Thu, 11 Jan 2018 18:33:43 +0000 (18:33 +0000)]
Merge pull request #1222 from davidcunado-arm/dp/bl31_mem

Increase BL31 memory space by 2 pages

6 years agoIncrease BL31 memory space by 2 pages
Dimitris Papastamos [Thu, 11 Jan 2018 15:32:32 +0000 (15:32 +0000)]
Increase BL31 memory space by 2 pages

On some build configurations BL31 is running out of space.  Now that
TSP is moved to secure dram, we have a bit of additional space to use
in BL31.

Change-Id: Ib89fcd8bae99c85c9c5e5d9228bb42fb7048dcb6
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
6 years agoAdd hooks to save/restore AMU context for Cortex A75
Dimitris Papastamos [Mon, 11 Dec 2017 11:45:35 +0000 (11:45 +0000)]
Add hooks to save/restore AMU context for Cortex A75

Change-Id: I504d3f65ca5829bc1f4ebadb764931f8379ee81f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoAMU: Add hooks to save/restore AMU context
Dimitris Papastamos [Tue, 28 Nov 2017 13:47:06 +0000 (13:47 +0000)]
AMU: Add hooks to save/restore AMU context

On some systems, the AMU counters might reset to 0 when a CPU
powerdown happens.  This behaviour conflicts with the intended
use-case of AMU as lower ELs are only expected to see non-decreasing
counter values.

Change-Id: If25519965d4e6e47e09225d0e732947986cbb5ec
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoAMU: Add configuration helpers for aarch64
Dimitris Papastamos [Mon, 13 Nov 2017 09:49:45 +0000 (09:49 +0000)]
AMU: Add configuration helpers for aarch64

Add some AMU helper functions to allow configuring, reading and
writing of the Group 0 and Group 1 counters.  Documentation for these
helpers will come in a separate patch.

Change-Id: I656e070d2dae830c22414f694aa655341d4e2c40
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoAMU: Add plat interface to select which group 1 counters to enable
Dimitris Papastamos [Wed, 13 Dec 2017 10:54:37 +0000 (10:54 +0000)]
AMU: Add plat interface to select which group 1 counters to enable

A new platform macro `PLAT_AMU_GROUP1_COUNTERS_MASK` controls which
group 1 counters should be enabled. The maximum number of group 1
counters supported by AMUv1 is 16 so the mask can be at most 0xffff.
If the platform does not define this mask, no group 1 counters are
enabled.

A related platform macro `PLAT_AMU_GROUP1_NR_COUNTERS` is used by
generic code to allocate an array to save and restore the counters on
CPU suspend.

Change-Id: I6d135badf4846292de931a43bb563077f42bb47b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoAdd PubSub events for CPU powerdown/powerup
Dimitris Papastamos [Tue, 28 Nov 2017 15:16:00 +0000 (15:16 +0000)]
Add PubSub events for CPU powerdown/powerup

The suspend hook is published at the start of a CPU powerdown
operation.  The resume hook is published at the end of a CPU powerup
operation.

Change-Id: I50c05e2dde0d33834095ac41b4fcea4c161bb434
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoUse PFR0 to identify need for mitigation of CVE-2017-5915
Dimitris Papastamos [Tue, 2 Jan 2018 15:53:01 +0000 (15:53 +0000)]
Use PFR0 to identify need for mitigation of CVE-2017-5915

If the CSV2 field reads as 1 then branch targets trained in one
context cannot affect speculative execution in a different context.
In that case skip the workaround on Cortex A75.

Change-Id: I4d5504cba516a67311fb5f0657b08f72909cbd38
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoWorkaround for CVE-2017-5715 on Cortex A73 and A75
Dimitris Papastamos [Mon, 18 Dec 2017 13:46:21 +0000 (13:46 +0000)]
Workaround for CVE-2017-5715 on Cortex A73 and A75

Invalidate the Branch Target Buffer (BTB) on entry to EL3 by
temporarily dropping into AArch32 Secure-EL1 and executing the
`BPIALL` instruction.

This is achieved by using 3 vector tables.  There is the runtime
vector table which is used to handle exceptions and 2 additional
tables which are required to implement this workaround.  The
additional tables are `vbar0` and `vbar1`.

The sequence of events for handling a single exception is
as follows:

1) Install vector table `vbar0` which saves the CPU context on entry
   to EL3 and sets up the Secure-EL1 context to execute in AArch32 mode
   with the MMU disabled and I$ enabled.  This is the default vector table.

2) Before doing an ERET into Secure-EL1, switch vbar to point to
   another vector table `vbar1`.  This is required to restore EL3 state
   when returning from the workaround, before proceeding with normal EL3
   exception handling.

3) While in Secure-EL1, the `BPIALL` instruction is executed and an
   SMC call back to EL3 is performed.

4) On entry to EL3 from Secure-EL1, the saved context from step 1) is
   restored.  The vbar is switched to point to `vbar0` in preparation to
   handle further exceptions.  Finally a branch to the runtime vector
   table entry is taken to complete the handling of the original
   exception.

This workaround is enabled by default on the affected CPUs.

NOTE
====

There are 4 different stubs in Secure-EL1.  Each stub corresponds to
an exception type such as Sync/IRQ/FIQ/SError.  Each stub will move a
different value in `R0` before doing an SMC call back into EL3.
Without this piece of information it would not be possible to know
what the original exception type was as we cannot use `ESR_EL3` to
distinguish between IRQs and FIQs.

Change-Id: I90b32d14a3735290b48685d43c70c99daaa4b434
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoWorkaround for CVE-2017-5715 on Cortex A57 and A72
Dimitris Papastamos [Thu, 30 Nov 2017 14:53:53 +0000 (14:53 +0000)]
Workaround for CVE-2017-5715 on Cortex A57 and A72

Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling
and enabling the MMU.  To achieve this without performing any branch
instruction, a per-cpu vbar is installed which executes the workaround
and then branches off to the corresponding vector entry in the main
vector table.  A side effect of this change is that the main vbar is
configured before any reset handling.  This is to allow the per-cpu
reset function to override the vbar setting.

This workaround is enabled by default on the affected CPUs.

Change-Id: I97788d38463a5840a410e3cea85ed297a1678265
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoxlat v2: Correctly unmap regions on map error
Antonio Nino Diaz [Fri, 5 Jan 2018 11:30:36 +0000 (11:30 +0000)]
xlat v2: Correctly unmap regions on map error

`mm_cursor` doesn't have the needed data because the `memmove()` that
is called right before it overwrites that information. In order to get
the information of the region that was being mapped, `mm` has to be used
instead (like it is done to fill the fields of `unmap_mm`).

If the incorrect information is read, this check isn't reliable and
`xlat_tables_unmap_region` may be requested to unmap memory that isn't
mapped at all, triggering assertions.

Change-Id: I602d4ac83095d4e5dac9deb34aa5d00d00e6c289
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
6 years agoMerge pull request #1176 from wjliang/zynqmp-ipi-mb-svc
davidcunado-arm [Wed, 10 Jan 2018 14:57:22 +0000 (14:57 +0000)]
Merge pull request #1176 from wjliang/zynqmp-ipi-mb-svc

plat: xilinx: Add ZynqMP IPI mailbox service [v4]

6 years agoAdd documentation about plat_try_next_boot_source to bl1_platform_setup
Roberto Vargas [Tue, 12 Dec 2017 10:39:44 +0000 (10:39 +0000)]
Add documentation about plat_try_next_boot_source to bl1_platform_setup

If boot redundancy is required in BL1 then the initialization
of the boot sequence must be done in bl1_platform_setup. In BL2,
we had to add a new function, bl2_preload_setup, because
bl2_platform_setup is called after the images are loaded, making it
invalid for the boot sequence initialization.

Change-Id: I5c177ff142608ed38b4192288b06614343b2b83b
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
6 years agoMerge pull request #1208 from masahir0y/build
davidcunado-arm [Wed, 10 Jan 2018 01:10:51 +0000 (01:10 +0000)]
Merge pull request #1208 from masahir0y/build

Build: trivial fixes

6 years agoMerge pull request #1207 from hzhuang1/isp_clk
davidcunado-arm [Wed, 10 Jan 2018 00:21:25 +0000 (00:21 +0000)]
Merge pull request #1207 from hzhuang1/isp_clk

hikey960: set isp clks as unsecure mode

6 years agoHikey960: Fix hikey960 pcie mount fail
Kaihua Zhong [Tue, 9 Jan 2018 08:51:38 +0000 (16:51 +0800)]
Hikey960: Fix hikey960 pcie mount fail

Set IOC_AO_IOMG_033 function from GPIO213 to PCIE_CLKREQ_N

bit[0-2]:  000: GPIO_213;
           001: PCIE_CLKREQ_N;
           010: GPIO_018_SH;
           100: GPIO_014_SE;
           110: FAC_TEST24;
           111: FAC_TEST24;
bit[3-31]: reserved

Signed-off-by: Guangtao Zhang <zhangguangtao@hisilicon.com>
Tested-by: Yao Chen <chenyao11@huawei.com>
Acked-by: Haojian Zhuang <haojian.zhuang@linaro.org>
6 years agoMerge pull request #1167 from Leo-Yan/hikey-fix-alignment
davidcunado-arm [Tue, 9 Jan 2018 08:58:41 +0000 (08:58 +0000)]
Merge pull request #1167 from Leo-Yan/hikey-fix-alignment

Set alignment size to 512B for Hikey/Hikey960

6 years agozynqmp: pm_service: use zynqmp_ipi APIs
Wendy Liang [Wed, 4 Oct 2017 06:21:11 +0000 (23:21 -0700)]
zynqmp: pm_service: use zynqmp_ipi APIs

Use zynqmp_ipi APIs to access IPI registers in pm_service.
As the zynqmp_ipi APIs doesn't cover IPI buffers, the pm_ipi
in pm_service will still directly access the IPI buffers.

Signed-off-by: Wendy Liang <jliang@xilinx.com>
6 years agoAdd Xilinx ZynqMP IPI mailbox service
Wendy Liang [Wed, 6 Sep 2017 16:39:55 +0000 (09:39 -0700)]
Add Xilinx ZynqMP IPI mailbox service

Add IPI mailbox service to manage Xilinx ZynqMP IPI(Inter Processors
Interrupt) access.

Signed-off-by: Wendy Liang <jliang@xilinx.com>
6 years agoIntroduce ZynqMP IPI implementation
Wendy Liang [Wed, 13 Sep 2017 18:02:42 +0000 (11:02 -0700)]
Introduce ZynqMP IPI implementation

Previously, ZynqMP IPI in ATF is only for ZynqMP PM,
This patch is to have a ZynqMP IPI implementation to handle
both ZynqMP PM IPI requirement and IPI mailbox service requirement
which will be introduced next.

We control IPI agents registers access but not IPI buffers access in
this implementation. Each IPI mailbox user will directly access the
IPI buffers.

Signed-off-by: Wendy Liang <jliang@xilinx.com>
6 years agospd: tlkd: support for "NS memory ranges" function ID
Varun Wadekar [Mon, 8 Jan 2018 19:35:40 +0000 (11:35 -0800)]
spd: tlkd: support for "NS memory ranges" function ID

This patch adds support to receive function ID with NS world's
memory ranges to provide the memory snapshot to TLK.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
6 years agoMerge pull request #1202 from antonio-nino-diaz-arm/an/spm-secondary-cores
davidcunado-arm [Mon, 8 Jan 2018 22:59:37 +0000 (22:59 +0000)]
Merge pull request #1202 from antonio-nino-diaz-arm/an/spm-secondary-cores

SPM: Allow secondary CPUs to use the Secure Partition

6 years agoSPM: Allow secondary CPUs to use the Secure Partition
Antonio Nino Diaz [Mon, 8 Jan 2018 09:59:33 +0000 (09:59 +0000)]
SPM: Allow secondary CPUs to use the Secure Partition

The Secure Partition should be able to be used from any CPU, not just
the lead one. This patch point the secure contexts of all secondary
CPUs to the same one used by the lead CPU for the Secure Partition. This
way, they can also use it.

In order to prevent more than one CPU from using the Secure Partition at
the same time, a lock has been added.

Change-Id: Ica76373127c3626498b06c558a4874ce72201ff7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
6 years agoSPM: Move initialization flag to context struct
Antonio Nino Diaz [Mon, 18 Dec 2017 10:51:58 +0000 (10:51 +0000)]
SPM: Move initialization flag to context struct

Whether a Secure Partition is being initialized or not is something
related to that specific partition, so it should be saved with the
rest of the information related to it.

Change-Id: Ie8a780f70df83fb03ef9c01ba37960208d9b5319
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
6 years agouniphier: simplify GZIP compress rule
Masahiro Yamada [Thu, 4 Jan 2018 03:59:11 +0000 (12:59 +0900)]
uniphier: simplify GZIP compress rule

It is not necessary to read data from stdin.  The input file name
is ripped off by -n option, anyway.  I still use the redirect for
the output to specify the output file name.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoMerge pull request #1204 from davidcunado-arm/rv/fip_tool
davidcunado-arm [Wed, 3 Jan 2018 23:48:51 +0000 (23:48 +0000)]
Merge pull request #1204 from davidcunado-arm/rv/fip_tool

Add padding at the end of the last entry

6 years agoMerge pull request #1206 from davidcunado-arm/dc/update_userguide
davidcunado-arm [Wed, 3 Jan 2018 21:13:43 +0000 (21:13 +0000)]
Merge pull request #1206 from davidcunado-arm/dc/update_userguide

Update dependencies for ARM TF

6 years agodocs: Update the ToC end marker description in the document
Jett Zhou [Fri, 24 Nov 2017 08:03:58 +0000 (16:03 +0800)]
docs: Update the ToC end marker description in the document

Change-Id: I2e29a63f08aed3b8ea0bb10170a3d55b8d033e62
Signed-off-by: Jett Zhou <jett.zhou@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
6 years agoAdd padding at the end of the last entry
Roberto Vargas [Tue, 19 Dec 2017 11:56:57 +0000 (11:56 +0000)]
Add padding at the end of the last entry

This patch adds padding bytes at the end of the last image in the
fip to be able to transfer by DMA the last image.

Change-Id: I8c6f07dee389cb3d1dc919936d9d52841d7e5723
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Signed-off-by: David Cunado <david.cunado@arm.com>
6 years agoMerge pull request #1212 from dp-arm/dp/tsp_dram
davidcunado-arm [Wed, 3 Jan 2018 11:20:56 +0000 (11:20 +0000)]
Merge pull request #1212 from dp-arm/dp/tsp_dram

Move TSP to TZC secured DRAM

6 years agoMove TSP to TZC secured DRAM
Dimitris Papastamos [Tue, 2 Jan 2018 10:25:50 +0000 (10:25 +0000)]
Move TSP to TZC secured DRAM

To allow BL31 to grow in SRAM, move TSP in TZC secured DRAM
by default.

Increase the BL31 max limit by one page.

Change-Id: Idd3479be02f0f9bafac2f275376d7db0c2015431
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
6 years agoMerge pull request #1203 from masahir0y/uniphier
davidcunado-arm [Sun, 24 Dec 2017 19:52:17 +0000 (19:52 +0000)]
Merge pull request #1203 from masahir0y/uniphier

uniphier: a bundle of fixes

6 years agoBuild: specify check_* targets as .PHONY
Masahiro Yamada [Sun, 24 Dec 2017 04:08:00 +0000 (13:08 +0900)]
Build: specify check_* targets as .PHONY

check_* targets just check necessary command line argument, not
build any images.  They should be specified as .PHONY.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoMerge pull request #1201 from jeenu-arm/sdei-plat-events
davidcunado-arm [Sun, 24 Dec 2017 10:58:53 +0000 (10:58 +0000)]
Merge pull request #1201 from jeenu-arm/sdei-plat-events

ARM platforms: Allow platforms to define SDEI events

6 years agoBuild: update comment lines for macros
Masahiro Yamada [Sat, 23 Dec 2017 14:56:18 +0000 (23:56 +0900)]
Build: update comment lines for macros

Commit 8f0617ef9e46 ("Apply TBBR naming convention to the fip_create
options") changed fiptool command options.  We often forget to update
documentation.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
6 years agoUpdate dependencies for ARM TF
David Cunado [Tue, 19 Dec 2017 16:33:25 +0000 (16:33 +0000)]
Update dependencies for ARM TF

ARM TF has been tested as part of its CI system with the following
dependencies updated:

- Linaro binaries:    17.04 --> 17.10
- mbed TLS library:   2.4.2 --> 2.6.0

The version of AEM, Cortex-A and Foundation models that ARM TF is
tested on has also been updated:

- v11.1 build 11.1:22 --> v11.2 build 11.2:33
- v8.9 build 0.8:8805 --> v9.0 build 0.8:9005

This patch updates the user guide documentation to reflect these
changes to the dependencies.

Additionally, links to Linaro resources have been updated.

Change-Id: I9ea5cb76e7443c9dbb0c9525069f450a02f59e58
Signed-off-by: David Cunado <david.cunado@arm.com>
6 years agoMerge pull request #1198 from antonio-nino-diaz-arm/an/spm-doc
davidcunado-arm [Wed, 20 Dec 2017 10:59:15 +0000 (10:59 +0000)]
Merge pull request #1198 from antonio-nino-diaz-arm/an/spm-doc

Add Secure Partition Manager (SPM) design document

7 years agouniphier: fix alignment of build log
Masahiro Yamada [Tue, 19 Dec 2017 16:37:15 +0000 (01:37 +0900)]
uniphier: fix alignment of build log

The build log should be indented with two spaces for correct alignment.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
7 years agouniphier: fix base address of IO block buffer
Masahiro Yamada [Tue, 19 Dec 2017 16:30:08 +0000 (01:30 +0900)]
uniphier: fix base address of IO block buffer

The current IO block buffer overlaps with BL2 image location.
So, BL2 may corrupt itself.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
7 years agodoc: uniphier: reformat reStructuredText manually
Masahiro Yamada [Tue, 19 Dec 2017 13:30:24 +0000 (22:30 +0900)]
doc: uniphier: reformat reStructuredText manually

Commit 6f6257476754 ("Convert documentation to reStructuredText")
automatically converted all documents by a tool.  I see some parts
were converted in an ugly way (or, at least, it is not my intention).
Also, the footnote is apparently broken.

I checked this document by my eyes, and reformated it so that it looks
nicer both in plain text and reST form.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
7 years agoMerge pull request #1196 from antonio-nino-diaz-arm/an/zero-pad
davidcunado-arm [Tue, 19 Dec 2017 21:51:08 +0000 (21:51 +0000)]
Merge pull request #1196 from antonio-nino-diaz-arm/an/zero-pad

Add support to left-pad with zeroes in tf_printf

7 years agoMerge pull request #1195 from davidcunado-arm/dc/fix_pie
davidcunado-arm [Tue, 19 Dec 2017 20:41:53 +0000 (20:41 +0000)]
Merge pull request #1195 from davidcunado-arm/dc/fix_pie

Disable PIE compilation option

7 years agoMerge pull request #1194 from robertovargas-arm/io-fix
davidcunado-arm [Tue, 19 Dec 2017 17:39:20 +0000 (17:39 +0000)]
Merge pull request #1194 from robertovargas-arm/io-fix

io: block: fix block_read/write may read/write overlap buffer

7 years agoMerge pull request #1192 from sandrine-bailleux-arm/sb/fix-mm-communicate
davidcunado-arm [Tue, 19 Dec 2017 15:58:32 +0000 (15:58 +0000)]
Merge pull request #1192 from sandrine-bailleux-arm/sb/fix-mm-communicate

SPM: Fix MM_COMMUNICATE_AARCH32/64 parameters

7 years agoARM platforms: Allow platforms to define SDEI events
Jeenu Viswambharan [Fri, 8 Dec 2017 10:38:24 +0000 (10:38 +0000)]
ARM platforms: Allow platforms to define SDEI events

With this patch, ARM platforms are expected to define the macros
PLAT_ARM_SDEI_PRIVATE_EVENTS and PLAT_ARM_SDEI_SHARED_EVENTS as a list
of private and shared events, respectively. This allows for individual
platforms to define their own events.

Change-Id: I66851fdcbff83fd9568c2777ade9eb12df284b49
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agoMerge pull request #1190 from vchong/poplar_hisi_review2
davidcunado-arm [Mon, 18 Dec 2017 14:28:46 +0000 (14:28 +0000)]
Merge pull request #1190 from vchong/poplar_hisi_review2

poplar: Add BL32 (OP-TEE) support and misc updates

7 years agohikey960: set isp clks as unsecure mode
Haojian Zhuang [Mon, 18 Dec 2017 01:45:37 +0000 (09:45 +0800)]
hikey960: set isp clks as unsecure mode

Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
7 years agoAdd support to left-pad with zeroes in tf_printf
Antonio Nino Diaz [Fri, 15 Dec 2017 10:36:20 +0000 (10:36 +0000)]
Add support to left-pad with zeroes in tf_printf

Add support to formats %i, %d, %p, %x and %u for left-padding numbers
with zeroes (e.g. `%08x`).

Change-Id: Ifd4795a82a8d83da2c00b44b9e482a2d9be797e3
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoAdd Secure Partition Manager (SPM) design document
Antonio Nino Diaz [Fri, 15 Dec 2017 11:41:17 +0000 (11:41 +0000)]
Add Secure Partition Manager (SPM) design document

This patch adds documentation that describes the design of the Secure
Partition Manager and the specific choices in their current
implementation.

The document "SPM User Guide" has been integrated into the design
document.

Change-Id: I0a4f21a2af631c8aa6c739d97a5b634f3cb39991
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoDisable PIE compilation option
david cunado [Thu, 30 Nov 2017 21:58:01 +0000 (21:58 +0000)]
Disable PIE compilation option

ARM TF does not work correctly if built with a version of gcc
that is configured to use PIE by default (e.g. Debian Stretch).

This patch identifies when such a version of gcc is being used
(by searching for --enable-default-pie) and adds -fno-PIE option
to TF_CFLAGS.

fixes arm-software/tf-issues#519

Change-Id: I2322122c49841746d35d152694e14f6f73beb0fd
Signed-off-by: David Cunado <david.cunado@arm.com>
Co-Authored-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Steve Capper <steve.capper@arm.com>
Tested-by: Alexei Fedorov <alexei.fedorov@arm.com>
7 years agoMerge pull request #1104 from nmenon/dtb_build-v2
davidcunado-arm [Thu, 14 Dec 2017 22:11:06 +0000 (22:11 +0000)]
Merge pull request #1104 from nmenon/dtb_build-v2

Makefile: Add ability to build dtb (v2)

7 years agoio: block: fix block_read/write may read/write overlap buffer
Roberto Vargas [Thu, 23 Nov 2017 12:03:46 +0000 (12:03 +0000)]
io: block: fix block_read/write may read/write overlap buffer

The block operations were trying to optimize the number of memory
copies, and it tried to use directly the buffer supplied by the user
to them. This was a mistake because it created too many corner cases:

1- It was possible to generate unaligned
   operations to unaligned buffers. Drivers that were using
   DMA transfer failed in that case.

2- It was possible to generate read operations
   with sizes that weren't a multiple of the block size. Some
   low level drivers assumed that condition and they calculated
   the number of blocks dividing the number of bytes by the
   size of the block, without considering the remaining bytes.

3- The block_* operations didn't control the
   number of bytes actually copied to memory, because the
   low level drivers were writing directly to the user buffer.

This patch rewrite block_read and block_write to use always the device
buffer, which the platform ensures that has the correct aligment and
the correct size.

Change-Id: I5e479bb7bc137e6ec205a8573eb250acd5f40420
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
7 years agoSPM: Fix MM_COMMUNICATE_AARCH32/64 parameters
Sandrine Bailleux [Thu, 7 Dec 2017 09:48:56 +0000 (09:48 +0000)]
SPM: Fix MM_COMMUNICATE_AARCH32/64 parameters

This partially reverts commit d6b532b50f8, keeping only the fixes to
the assertions. The changes related to the order of arguments passed
to the secure partition were not correct and violated the
specification of the SP_EVENT_COMPLETE SMC.

This patch also improves the MM_COMMUNICATE argument validation.  The
cookie argument, as it comes from normal world, can't be trusted and thus
needs to always be validated at run time rather than using an assertion.

Also validate the communication buffer address and return
INVALID_PARAMETER if it is zero, as per the MM specification.

Fix a few typos in comments and use the "secure partition" terminology
rather than "secure payload".

Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
7 years agopoplar: Add BL32 (OP-TEE) support
Victor Chong [Fri, 27 Oct 2017 16:59:41 +0000 (01:59 +0900)]
poplar: Add BL32 (OP-TEE) support

Signed-off-by: Victor Chong <victor.chong@linaro.org>
7 years agoPoplar: Initialize security properties of IP blocks.
Jiancheng Xue [Mon, 28 Aug 2017 10:55:43 +0000 (18:55 +0800)]
Poplar: Initialize security properties of IP blocks.

The security properties of some IP blocks are configured to secure mode
after reset. This means these IP blocks can only be accessed by cpus
in secure state by default. These should be configured correclty as needed.

Signed-off-by: y00241285 <yyangwei.yangwei@hisilicon.com>
Signed-off-by: Jiancheng Xue <xuejiancheng@hisilicon.com>
7 years agopoplar: Increase FIP_SIZE
Victor Chong [Fri, 27 Oct 2017 15:22:10 +0000 (00:22 +0900)]
poplar: Increase FIP_SIZE

This is currently the maximum allowed without affecting bootup.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
7 years agopoplar: Rename PLAT_ARM_NS_IMAGE_OFFSET
Victor Chong [Thu, 26 Oct 2017 15:09:14 +0000 (00:09 +0900)]
poplar: Rename PLAT_ARM_NS_IMAGE_OFFSET

to PLAT_POPLAR_NS_IMAGE_OFFSET

Signed-off-by: Victor Chong <victor.chong@linaro.org>
7 years agopoplar: Fix GPIO_MAX
Victor Chong [Thu, 19 Oct 2017 07:49:52 +0000 (16:49 +0900)]
poplar: Fix GPIO_MAX

Per
https://github.com/sdrobertw/Poplar/blob/master/HardwareDocs/Processor_Datasheet_v2XX.pdf
there are 13 groups of GPIO controllers, not 12.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
7 years agoMerge pull request #1178 from davidcunado-arm/dc/enable_sve
davidcunado-arm [Mon, 11 Dec 2017 12:29:47 +0000 (12:29 +0000)]
Merge pull request #1178 from davidcunado-arm/dc/enable_sve

Enable SVE for Non-secure world

7 years agoMerge pull request #1187 from antonio-nino-diaz-arm/an/spm-xlat-dram
davidcunado-arm [Sun, 10 Dec 2017 14:01:37 +0000 (14:01 +0000)]
Merge pull request #1187 from antonio-nino-diaz-arm/an/spm-xlat-dram

SPM: Move S-EL1/S-EL0 xlat tables to TZC DRAM

7 years agoMerge pull request #1184 from antonio-nino-diaz-arm/an/bl31-in-dram
davidcunado-arm [Sat, 9 Dec 2017 23:10:24 +0000 (23:10 +0000)]
Merge pull request #1184 from antonio-nino-diaz-arm/an/bl31-in-dram

fvp: Disable SYSTEM_SUSPEND when ARM_BL31_IN_DRAM

7 years agoMerge pull request #1183 from jeenu-arm/sdei-reset-fix
davidcunado-arm [Sat, 9 Dec 2017 20:42:25 +0000 (20:42 +0000)]
Merge pull request #1183 from jeenu-arm/sdei-reset-fix

SDEI: Fix return value of reset calls

7 years agoMerge pull request #1186 from antonio-nino-diaz-arm/an/poplar-doc
davidcunado-arm [Sat, 9 Dec 2017 15:22:48 +0000 (15:22 +0000)]
Merge pull request #1186 from antonio-nino-diaz-arm/an/poplar-doc

poplar: Fix format of documentation

7 years agoMerge pull request #1182 from soby-mathew/sm/opt_tbbr_flush
davidcunado-arm [Sat, 9 Dec 2017 15:16:00 +0000 (15:16 +0000)]
Merge pull request #1182 from soby-mathew/sm/opt_tbbr_flush

Unify cache flush code path after image load

7 years agoMerge pull request #1181 from soby-mathew/sm/el3_payload_tzc_permissions
davidcunado-arm [Sat, 9 Dec 2017 10:13:11 +0000 (10:13 +0000)]
Merge pull request #1181 from soby-mathew/sm/el3_payload_tzc_permissions

ARM Platforms: Change the TZC access permissions for EL3 payload

7 years agoMerge pull request #1180 from sandrine-bailleux-arm/sb/spm-rename
davidcunado-arm [Sat, 9 Dec 2017 09:36:09 +0000 (09:36 +0000)]
Merge pull request #1180 from sandrine-bailleux-arm/sb/spm-rename

Rename some macros in SPM code

7 years agoMerge pull request #1179 from paulkocialkowski/integration
davidcunado-arm [Sat, 9 Dec 2017 08:43:02 +0000 (08:43 +0000)]
Merge pull request #1179 from paulkocialkowski/integration

rockchip: Include stdint header in plat_sip_calls.c

7 years agoMerge pull request #1174 from antonio-nino-diaz-arm/an/page-size
davidcunado-arm [Fri, 8 Dec 2017 16:29:19 +0000 (16:29 +0000)]
Merge pull request #1174 from antonio-nino-diaz-arm/an/page-size

Replace magic numbers in linkerscripts by PAGE_SIZE

7 years agoMerge pull request #1171 from Leo-Yan/hikey960-change-use-recommend-state-id
davidcunado-arm [Wed, 6 Dec 2017 22:20:05 +0000 (22:20 +0000)]
Merge pull request #1171 from Leo-Yan/hikey960-change-use-recommend-state-id

Hikey960: Change to use recommended power state id format

7 years agoMerge pull request #1185 from danh-arm/dh/rk-maint
davidcunado-arm [Wed, 6 Dec 2017 21:08:48 +0000 (21:08 +0000)]
Merge pull request #1185 from danh-arm/dh/rk-maint

 Miscellaneous fixes to maintainers.rst

7 years agoMiscellaneous fixes to maintainers.rst
Dan Handley [Wed, 6 Dec 2017 10:13:17 +0000 (10:13 +0000)]
Miscellaneous fixes to maintainers.rst

* Update the RockChip sub-maintainer from rkchrome to rockchip-linux
in maintainers.rst.

* Add missing documentation files and change extensions from `md` to `rst`.

* Add sub-maintainer for Socionext UniPhier platform.

Change-Id: I7f498316acb0f7947c6432dbe14988e61a8903fe
Co-Authored-By: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
7 years agoSPM: Move S-EL1/S-EL0 xlat tables to TZC DRAM
Antonio Nino Diaz [Fri, 17 Nov 2017 11:48:55 +0000 (11:48 +0000)]
SPM: Move S-EL1/S-EL0 xlat tables to TZC DRAM

A new platform define, `PLAT_SP_IMAGE_XLAT_SECTION_NAME`, has been
introduced to select the section where the translation tables used by
the S-EL1/S-EL0 are placed.

This define has been used to move the translation tables to DRAM secured
by TrustZone.

Most of the extra needed space in BL31 when SPM is enabled is due to the
large size of the translation tables. By moving them to this memory
region we can save 44 KiB.

A new argument has been added to REGISTER_XLAT_CONTEXT2() to specify the
region where the translation tables have to be placed by the linker.

Change-Id: Ia81709b4227cb8c92601f0caf258f624c0467719
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoMerge pull request #1177 from sivadur/master
davidcunado-arm [Wed, 6 Dec 2017 13:59:58 +0000 (13:59 +0000)]
Merge pull request #1177 from sivadur/master

Update Xilinx maintainer details

7 years agopoplar: Fix format of documentation
Antonio Nino Diaz [Wed, 6 Dec 2017 10:33:15 +0000 (10:33 +0000)]
poplar: Fix format of documentation

The document was being rendered incorrectly.

Change-Id: I6e243d17d7cb6247f91698bc195eb0f6efeb7d17
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agofvp: Disable SYSTEM_SUSPEND when ARM_BL31_IN_DRAM
Antonio Nino Diaz [Wed, 22 Nov 2017 12:00:44 +0000 (12:00 +0000)]
fvp: Disable SYSTEM_SUSPEND when ARM_BL31_IN_DRAM

After returning from SYSTEM_SUSPEND state, BL31 reconfigures the
TrustZone Controller during the boot sequence. If BL31 is placed in
TZC-secured DRAM, it will try to change the permissions of the memory it
is being executed from, causing an exception.

The solution is to disable SYSTEM_SUSPEND when the Trusted Firmware has
been compiled with ``ARM_BL31_IN_DRAM=1``.

Change-Id: I96dc50decaacd469327c6b591d07964726e58db4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoSPM: Remove ARM platforms header from SPM common code
Antonio Nino Diaz [Fri, 24 Nov 2017 16:43:15 +0000 (16:43 +0000)]
SPM: Remove ARM platforms header from SPM common code

Common code mustn't include ARM platforms headers.

Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoSDEI: Fix return value of reset calls
Jeenu Viswambharan [Thu, 30 Nov 2017 10:25:10 +0000 (10:25 +0000)]
SDEI: Fix return value of reset calls

At present, both SDEI_PRIVATE_RESET and SDEI_SHARED_RESET returns
SDEI_PENDING if they fail to unregister an event. The SDEI specification
however requires that the APIs return SDEI_EDENY in these cases. This
patch fixes the return codes for the reset APIs.

Change-Id: Ic14484c91fa8396910387196c256d1ff13d03afd
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agoHikey960: Change to use recommended power state id format
Leo Yan [Fri, 24 Nov 2017 06:19:51 +0000 (14:19 +0800)]
Hikey960: Change to use recommended power state id format

ARM Power State Coordination Interface (ARM DEN 0022D) chapter
6.5 "Recommended StateID Encoding" defines the state ID which can be
used by platforms. The recommended power states can be presented by
below values; and it divides into three fields, every field has 4 bits
to present power states corresponding to core level, cluster level and
system level.

  0: Run
  1: Standby
  2: Retention
  3: Powerdown

This commit changes to use upper recommended power states definition on
Hikey960; and changes the power state validate function to check the
power state passed from kernel side.

Signed-off-by: Leo Yan <leo.yan@linaro.org>
7 years agoMerge pull request #1157 from antonio-nino-diaz-arm/an/rpi3
davidcunado-arm [Tue, 5 Dec 2017 23:26:40 +0000 (23:26 +0000)]
Merge pull request #1157 from antonio-nino-diaz-arm/an/rpi3

Introduce AArch64 Raspberry Pi 3 port

7 years agoUnify cache flush code path after image load
Soby Mathew [Fri, 10 Nov 2017 13:14:40 +0000 (13:14 +0000)]
Unify cache flush code path after image load

Previously the cache flush happened in 2 different places in code
depending on whether TRUSTED_BOARD_BOOT is enabled or not. This
patch unifies this code path for both the cases. The `load_image()`
function is now made an internal static function.

Change-Id: I96a1da29d29236bbc34b1c95053e6a9a7fc98a54
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
7 years agoARM Platforms: Change the TZC access permissions for EL3 payload
Soby Mathew [Mon, 13 Nov 2017 08:29:45 +0000 (08:29 +0000)]
ARM Platforms: Change the TZC access permissions for EL3 payload

This patch allows non-secure bus masters to access TZC region0 as well
as the EL3 Payload itself.

Change-Id: I7e44f2673a2992920d41503fb4c57bd7fb30747a
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
7 years agoSPM: Rename SP_COMMUNICATE macros
Sandrine Bailleux [Fri, 1 Dec 2017 09:44:21 +0000 (09:44 +0000)]
SPM: Rename SP_COMMUNICATE macros

Rename SP_COMMUNICATE_AARCH32/AARCH64 into MM_COMMUNICATE_AARCH32/AARCH64
to align with the MM specification [1].

[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf

Change-Id: I478aa4024ace7507d14a5d366aa8e20681075b03
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
7 years agoSPM: Rename SP_MEM_ATTR*** defines
Antonio Nino Diaz [Fri, 1 Dec 2017 14:12:43 +0000 (14:12 +0000)]
SPM: Rename SP_MEM_ATTR*** defines

The defines have been renamed to match the names used in the
documentation.

Change-Id: I2f18b65112d2db040a89d5a8522e9790c3e21628
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoMerge pull request #1168 from matt2048/master
davidcunado-arm [Mon, 4 Dec 2017 22:39:40 +0000 (22:39 +0000)]
Merge pull request #1168 from matt2048/master

Replace macro ASM_ASSERTION with macro ENABLE_ASSERTIONS

7 years agorockchip: Include stdint header in plat_sip_calls.c
Paul Kocialkowski [Sat, 2 Dec 2017 15:41:38 +0000 (16:41 +0100)]
rockchip: Include stdint header in plat_sip_calls.c

This includes the stdint header to declare the various types used within
the file, preventing build errors with recent GCC versions.

Change-Id: I9e7e92bb31deb58d4ff2732067dd88b53124bcc9
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
7 years agorpi3: Add documentation of Raspberry Pi 3 port
Antonio Nino Diaz [Fri, 1 Dec 2017 11:11:26 +0000 (11:11 +0000)]
rpi3: Add documentation of Raspberry Pi 3 port

Added design documentation and usage guide for the AArch64 port of the
Arm Trusted Firmware to the Raspberry Pi 3.

Change-Id: I1be60fbbd54c797b48a1bcebfb944d332616a0de
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agorpi3: Introduce AArch64 Raspberry Pi 3 port
Antonio Nino Diaz [Mon, 6 Nov 2017 14:49:04 +0000 (14:49 +0000)]
rpi3: Introduce AArch64 Raspberry Pi 3 port

This port can be compiled to boot an AArch64 or AArch32 payload with the
build option `RPI3_BL33_AARCH32`.

Note: This is not a secure port of the Trusted Firmware. This port is
only meant to be a reference implementation to experiment with an
inexpensive board in real hardware.

Change-Id: Ide58114299289bf765ef1366199eb05c46f81903
Co-authored-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoMerge pull request #1175 from soby-mathew/sm/juno-a32-bl32-changes
davidcunado-arm [Fri, 1 Dec 2017 00:31:09 +0000 (00:31 +0000)]
Merge pull request #1175 from soby-mathew/sm/juno-a32-bl32-changes

Fix issues for AArch32 builds on ARM platforms

7 years agoDo not enable SVE on pre-v8.2 platforms
David Cunado [Tue, 31 Oct 2017 23:19:21 +0000 (23:19 +0000)]
Do not enable SVE on pre-v8.2 platforms

Pre-v8.2 platforms such as the Juno platform does not have
the Scalable Vector Extensions implemented and so the build
option ENABLE_SVE is set to zero.

This has a minor performance improvement with no functional
impact.

Change-Id: Ib072735db7a0247406f8b60e325b7e28b1e04ad1
Signed-off-by: David Cunado <david.cunado@arm.com>
7 years agoEnable SVE for Non-secure world
David Cunado [Fri, 20 Oct 2017 10:30:57 +0000 (11:30 +0100)]
Enable SVE for Non-secure world

This patch adds a new build option, ENABLE_SVE_FOR_NS, which when set
to one EL3 will check to see if the Scalable Vector Extension (SVE) is
implemented when entering and exiting the Non-secure world.

If SVE is implemented, EL3 will do the following:

- Entry to Non-secure world: SIMD, FP and SVE functionality is enabled.

- Exit from Non-secure world: SIMD, FP and SVE functionality is
  disabled. As SIMD and FP registers are part of the SVE Z-registers
  then any use of SIMD / FP functionality would corrupt the SVE
  registers.

The build option default is 1. The SVE functionality is only supported
on AArch64 and so the build option is set to zero when the target
archiecture is AArch32.

This build option is not compatible with the CTX_INCLUDE_FPREGS - an
assert will be raised on platforms where SVE is implemented and both
ENABLE_SVE_FOR_NS and CTX_INCLUDE_FPREGS are set to 1.

Also note this change prevents secure world use of FP&SIMD registers on
SVE-enabled platforms. Existing Secure-EL1 Payloads will not work on
such platforms unless ENABLE_SVE_FOR_NS is set to 0.

Additionally, on the first entry into the Non-secure world the SVE
functionality is enabled and the SVE Z-register length is set to the
maximum size allowed by the architecture. This includes the use case
where EL2 is implemented but not used.

Change-Id: Ie2d733ddaba0b9bef1d7c9765503155188fe7dae
Signed-off-by: David Cunado <david.cunado@arm.com>
7 years agoUpdate Xilinx maintainer details
Siva Durga Prasad Paladugu [Thu, 30 Nov 2017 04:51:20 +0000 (10:21 +0530)]
Update Xilinx maintainer details

This patch updates Xilinx maintainers details
as sorenb is no more the maintainer for xilinx
and the email id is invalid now.

Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>