project/bcm63xx/atf.git
7 years agorockchip: Build m0 firmware without standard libraries
Patrick Georgi [Wed, 4 Jan 2017 18:06:14 +0000 (19:06 +0100)]
rockchip: Build m0 firmware without standard libraries

Depending on the compiler used, it might try to link in libc even though
it's not required. Stop it from doing that.

Signed-off-by: Patrick Georgi <pgeorgi@google.com>
7 years agoMerge pull request #798 from douglas-raillard-arm/dr/fix_std_smc_after_suspend
davidcunado-arm [Fri, 23 Dec 2016 11:20:16 +0000 (11:20 +0000)]
Merge pull request #798 from douglas-raillard-arm/dr/fix_std_smc_after_suspend

Abort preempted TSP STD SMC after PSCI CPU suspend

7 years agoAbort preempted TSP STD SMC after PSCI CPU suspend
Douglas Raillard [Thu, 24 Nov 2016 15:43:19 +0000 (15:43 +0000)]
Abort preempted TSP STD SMC after PSCI CPU suspend

Standard SMC requests that are handled in the secure-world by the Secure
Payload can be preempted by interrupts that must be handled in the
normal world. When the TSP is preempted the secure context is stored and
control is passed to the normal world to handle the non-secure
interrupt. Once completed the preempted secure context is restored. When
restoring the preempted context, the dispatcher assumes that the TSP
preempted context is still stored as the SECURE context by the context
management library.

However, PSCI power management operations causes synchronous entry into
TSP. This overwrites the preempted SECURE context in the context
management library. When restoring back the SECURE context, the Secure
Payload crashes because this context is not the preempted context
anymore.

This patch avoids corruption of the preempted SECURE context by aborting
any preempted SMC during PSCI power management calls. The
abort_std_smc_entry hook of the TSP is called when aborting the SMC
request.

It also exposes this feature as a FAST SMC callable from normal world to
abort preempted SMC with FID TSP_FID_ABORT.

Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
7 years agoMerge pull request #794 from douglas-raillard-arm/dr/fix_TSP_STD_FID_macro
danh-arm [Wed, 21 Dec 2016 09:58:56 +0000 (09:58 +0000)]
Merge pull request #794 from douglas-raillard-arm/dr/fix_TSP_STD_FID_macro

Fix TSP_STD_FID macro

7 years agoFix TSP_STD_FID macro
Douglas Raillard [Mon, 12 Dec 2016 14:37:34 +0000 (14:37 +0000)]
Fix TSP_STD_FID macro

Enforce valid FID input in TSP_STD_FID and TSP_FAST_FID macros.
Also remove an undefined behavior by using unsigned literals.

Change-Id: Id37e908da861980a4eaa3a70b37a729f416ce272
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
7 years agoMerge pull request #792 from masahir0y/zynqmp
danh-arm [Tue, 20 Dec 2016 17:00:59 +0000 (17:00 +0000)]
Merge pull request #792 from masahir0y/zynqmp

zynqmp: add "override" directive to mandatory options

7 years agoMerge pull request #791 from jeenu-arm/asm-assert-32
danh-arm [Tue, 20 Dec 2016 17:00:32 +0000 (17:00 +0000)]
Merge pull request #791 from jeenu-arm/asm-assert-32

AArch32: Print ASM_ASSERT and panic messages

7 years agozynqmp: add "override" directive to mandatory options
Masahiro Yamada [Mon, 19 Dec 2016 08:41:47 +0000 (17:41 +0900)]
zynqmp: add "override" directive to mandatory options

The platform.mk sets build options required for ZynqMP, but users
can still change them from the command line, like:

  make PLAT=zynqmp RESET_TO_BL31=0 CROSS_COMPILE=...

Then, the makefile shows an error message in that case:
  Using BL31 as the reset vector is only one option supported on ZynqMP.
  Please set RESET_TO_BL31 to 1.

If the option is not user-configurable, the makefile can specify
"override" to prevent users from changing it.  We do not need the
error message for the case that never happens.

Likewise, ENABLE_PLAT_COMPAT := 0 and PROGRAMMABLE_RESET_ADDRESS := 1
are mandatory to avoid build error.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
7 years agoMerge pull request #788 from jeenu-arm/cpuops-framework
danh-arm [Tue, 20 Dec 2016 12:27:58 +0000 (12:27 +0000)]
Merge pull request #788 from jeenu-arm/cpuops-framework

Add provision to extend CPU operations at more levels

7 years agoMerge pull request #793 from jeenu-arm/gic-changes
danh-arm [Tue, 20 Dec 2016 12:26:23 +0000 (12:26 +0000)]
Merge pull request #793 from jeenu-arm/gic-changes

GIC driver changes for extended power management

7 years agoMerge pull request #783 from danh-arm/sb/bl1-fwu-copy
Dan Handley [Tue, 20 Dec 2016 11:45:15 +0000 (11:45 +0000)]
Merge pull request #783 from danh-arm/sb/bl1-fwu-copy

7 years agoImprove FWU documentation
Sandrine Bailleux [Fri, 11 Nov 2016 16:58:59 +0000 (16:58 +0000)]
Improve FWU documentation

 - Clarify the documentation of the 'FWU_SMC_IMAGE_COPY' SMC in the
   Firmware Update guide. Also extend the list of pre-conditions to
   include the additional input validation implemented by previous
   patches.

 - Improve documentation of bl1_plat_mem_check() in the porting
   guide. It now specifies that the generic FWU code protects
   bl1_plat_mem_check() from integer overflows resulting from
   the addition of the base address and size passed in arguments.

Change-Id: I07b47a3778df7b9c089529b2dd2135707640a91c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
7 years agoFix integer overflows in BL1 FWU code
Sandrine Bailleux [Fri, 11 Nov 2016 16:44:37 +0000 (16:44 +0000)]
Fix integer overflows in BL1 FWU code

Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it does then consider
the input arguments are invalid.

As a result, bl1_plat_mem_check() can now safely assume the
end address (computed as the sum of the base address and size
of the memory region) doesn't overflow, as the validation is
done upfront in bl1_fwu_image_copy/auth(). A debug assertion
has been added nonetheless in the ARM implementation in order
to help catching such problems, should bl1_plat_mem_check()
be called in a different context in the future.

Fixes TFV-1: Malformed Firmware Update SMC can result in copy
of unexpectedly large data into secure memory

Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
7 years agoAdd some debug assertions in BL1 FWU copy code
Sandrine Bailleux [Mon, 14 Nov 2016 14:58:05 +0000 (14:58 +0000)]
Add some debug assertions in BL1 FWU copy code

These debug assertions sanity check the state of the internal
FWU state machine data when resuming an incomplete image copy
operation.

Change-Id: I38a125b0073658c3e2b4b1bdc623ec221741f43e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
7 years agobl1_fwu_image_copy() refactoring
Sandrine Bailleux [Mon, 14 Nov 2016 14:56:51 +0000 (14:56 +0000)]
bl1_fwu_image_copy() refactoring

This patch refactors the code of the function handling a FWU_AUTH_COPY
SMC in BL1. All input validation has been moved upfront so it is now
shared between the RESET and COPYING states.

Change-Id: I6a86576b9ce3243c401c2474fe06f06687a70e2f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
7 years agoMinor refactoring of BL1 FWU code
Sandrine Bailleux [Fri, 11 Nov 2016 15:56:20 +0000 (15:56 +0000)]
Minor refactoring of BL1 FWU code

This patch introduces no functional change, it just changes
the serial console output.

 - Improve accuracy of error messages by decoupling some
   error cases;

 - Improve comments;

 - Move declaration of 'mem_layout' local variable closer to
   where it is used and make it const;

 - Rename a local variable to clarify whether it is a source
   or a destination address (base_addr -> dest_addr).

Change-Id: I349fcf053e233f316310892211d49e35ef2c39d9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
7 years agoExport is_mem_free() function
Sandrine Bailleux [Tue, 8 Nov 2016 14:27:10 +0000 (14:27 +0000)]
Export is_mem_free() function

The is_mem_free() function used to be local to bl_common.c.
This patch exports it so that it can be used outside of bl_common.c.

Change-Id: I01dcb4229f3a36f56a4724b567c5e6c416dc5e98
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
7 years agoMerge pull request #785 from dp-arm/dp/nvcounter
Dan Handley [Tue, 20 Dec 2016 11:36:54 +0000 (11:36 +0000)]
Merge pull request #785 from dp-arm/dp/nvcounter

7 years agoMerge pull request #781 from yatharth-arm/yk/aarch64_tbbr_load_img_v2
danh-arm [Mon, 19 Dec 2016 15:39:55 +0000 (15:39 +0000)]
Merge pull request #781 from yatharth-arm/yk/aarch64_tbbr_load_img_v2

Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1

7 years agoMerge pull request #779 from dp-arm/dp/rtinstr-cache
danh-arm [Mon, 19 Dec 2016 15:39:33 +0000 (15:39 +0000)]
Merge pull request #779 from dp-arm/dp/rtinstr-cache

Add two timestamps to measure PSCI cache flush overhead

7 years agoMerge pull request #778 from antonio-nino-diaz-arm/an/xlat-fixes
danh-arm [Mon, 19 Dec 2016 15:39:01 +0000 (15:39 +0000)]
Merge pull request #778 from antonio-nino-diaz-arm/an/xlat-fixes

Fixes and improvements to translation tables library

7 years agoAArch32: Print ASM_ASSERT and panic messages
Jeenu Viswambharan [Mon, 28 Nov 2016 09:59:27 +0000 (09:59 +0000)]
AArch32: Print ASM_ASSERT and panic messages

ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line number upon assembly assert failure.

Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agoMerge pull request #786 from davidcunado-arm/dc/update_foundation_model
danh-arm [Thu, 15 Dec 2016 17:49:49 +0000 (17:49 +0000)]
Merge pull request #786 from davidcunado-arm/dc/update_foundation_model

Update Foundation Model version

7 years agoMerge pull request #782 from antonio-nino-diaz-arm/an/fix-copyright
danh-arm [Thu, 15 Dec 2016 17:49:21 +0000 (17:49 +0000)]
Merge pull request #782 from antonio-nino-diaz-arm/an/fix-copyright

Fix incorrect copyright notices

7 years agoUpdate Foundation Model version
David Cunado [Tue, 6 Dec 2016 17:35:09 +0000 (17:35 +0000)]
Update Foundation Model version

Foundation Model release 10.2 has been made available and Trusted
Firmware has been tested against that it as part of its CI system.

This patch updates the user guide documentation to reflect the version
of Foundation Model that Trusted Firmware has been tested against.

Change-Id: I8571e1027b24892b41d04b93b24245a371ca2cae
Signed-off-by: David Cunado <david.cunado@arm.com>
7 years agoAdd provision to extend CPU operations at more levels
Jeenu Viswambharan [Fri, 18 Nov 2016 12:58:28 +0000 (12:58 +0000)]
Add provision to extend CPU operations at more levels

Various CPU drivers in ARM Trusted Firmware register functions to handle
power-down operations. At present, separate functions are registered to
power down individual cores and clusters.

This scheme operates on the basis of core and cluster, and doesn't cater
for extending the hierarchy for power-down operations. For example,
future CPUs might support multiple threads which might need powering
down individually.

This patch therefore reworks the CPU operations framework to allow for
registering power down handlers on specific level basis. Henceforth:

  - Generic code invokes CPU power down operations by the level
    required.

  - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no
    reset function.

  - CPU drivers register power down handlers as a list: a mandatory
    handler for level 0, and optional handlers for higher levels.

All existing CPU drivers are adapted to the new CPU operations framework
without needing any functional changes within.

Also update firmware design guide.

Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agotbbr: Fix updating of Non-Trusted NV counter
dp-arm [Mon, 12 Dec 2016 14:48:13 +0000 (14:48 +0000)]
tbbr: Fix updating of Non-Trusted NV counter

The previous code required that a certificate be signed with the ROT
key before the platform's NV counter could be updated with the value
in the certificate.  This implies that the Non-Trusted NV counter was
not being updated for Non-Trusted content certificates, as they cannot
be signed with the ROT key in the TBBR CoT scheme.

The code is reworked to only allow updating the platform's Trusted NV
counter when a certificate protected by the Trusted NV counter is
signed with the ROT key.

Content certificates protected by the Non-Trusted NV counter are
allowed to update the platform's Non-Trusted NV counter, assuming
that the certificate value is higher than the platform's value.

A new optional platform API has been introduced, named
plat_set_nv_ctr2().  Platforms may choose to implement it and perform
additional checks based on the authentication image descriptor before
modifying the NV counters.  A default weak implementation is available
that just calls into plat_set_nv_ctr().

Fixes ARM-software/tf-issues#426

Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
7 years agoFVP: Avail GIC Redistributor power management
Jeenu Viswambharan [Fri, 9 Dec 2016 11:14:34 +0000 (11:14 +0000)]
FVP: Avail GIC Redistributor power management

Earlier patches introduced GIC Redistributor power management for ARM
platforms. This patch modifies FVP power management to power down
Redistributor during CPU power on/off.

Change-Id: I2adb9c50a7dd750019fe3b4e576b5d5fc364bffb
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agoIntroduce ARM platform APIs for GICv3 Redistributor
Jeenu Viswambharan [Fri, 9 Dec 2016 11:12:34 +0000 (11:12 +0000)]
Introduce ARM platform APIs for GICv3 Redistributor

As with other ARM platform GIC APIs, these directly invoke the GICv3
driver APIs for Redistributor power management.

For the sake of uniform GIC API, empty stubs are placed for those GIC
drivers that lack Redistributor component.

Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agoGICv3: Introduce power management APIs for Redistributor
Jeenu Viswambharan [Fri, 9 Dec 2016 11:03:15 +0000 (11:03 +0000)]
GICv3: Introduce power management APIs for Redistributor

Some GICv3 implementations have provision for power management
operations at Redistributor level. This patch introduces and provides
place-holders for Redistributor power management. The default
implementations are empty stubs, but are weakly bound so as to enable
implementation-specific drivers to override them.

Change-Id: I4fec1358693d3603ca5dce242a2f7f0e730516d8
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agoMerge pull request #780 from douglas-raillard-arm/dr/fix_asm_signed_comparison
danh-arm [Wed, 14 Dec 2016 15:59:18 +0000 (15:59 +0000)]
Merge pull request #780 from douglas-raillard-arm/dr/fix_asm_signed_comparison

Fix integer comparison in memcpy16

7 years agoEnable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1
Yatharth Kochar [Fri, 11 Nov 2016 13:57:50 +0000 (13:57 +0000)]
Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1

This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU)
support, for AArch64, when LOAD_IMAGE_V2 is enabled.

This patch also enables LOAD_IMAGE_V2 for ARM platforms.

Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
7 years agoFix incorrect copyright notices
Antonio Nino Diaz [Wed, 14 Dec 2016 14:31:32 +0000 (14:31 +0000)]
Fix incorrect copyright notices

Some files have incorrect copyright notices, this patch fixes all
files with deviations from the standard notice.

Change-Id: I66b73e78a50a235acb55f1e2ec2052a42c0570d2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoFix integer comparison in memcpy16
Douglas Raillard [Fri, 2 Dec 2016 13:56:06 +0000 (13:56 +0000)]
Fix integer comparison in memcpy16

Unsigned conditions should be used instead of signed ones when comparing
addresses or sizes in assembly.

Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Change-Id: Id3bd9ccaf58c37037761af35ac600907c4bb0580

7 years agoAdd two timestamps to measure PSCI cache flush overhead
dp-arm [Tue, 15 Nov 2016 13:25:30 +0000 (13:25 +0000)]
Add two timestamps to measure PSCI cache flush overhead

Testing showed that the time spent in a cluster power down
operation is dominated by cache flushes.  Add two more timestamps
in runtime instrumentation to keep track of the time spent
flushing the L1/L2 caches.

Change-Id: I4c5a04e7663543225a85d3c6b271d7b706deffc4
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
7 years agoMerge pull request #777 from jeenu-arm/format-fix
danh-arm [Wed, 14 Dec 2016 09:25:53 +0000 (09:25 +0000)]
Merge pull request #777 from jeenu-arm/format-fix

Docs: Fix monospace formatting in user guide

7 years agoMerge pull request #776 from dp-arm/dp/memcmp-fix
danh-arm [Wed, 14 Dec 2016 09:25:39 +0000 (09:25 +0000)]
Merge pull request #776 from dp-arm/dp/memcmp-fix

stdlib: Fix signedness issue in memcmp()

7 years agoMerge pull request #775 from soby-mathew/sm/AArch32_stack_align
danh-arm [Wed, 14 Dec 2016 09:25:15 +0000 (09:25 +0000)]
Merge pull request #775 from soby-mathew/sm/AArch32_stack_align

AArch32: Fix the stack alignment issue

7 years agoForbid block descriptors in initial xlat table levels
Antonio Nino Diaz [Tue, 13 Dec 2016 15:02:31 +0000 (15:02 +0000)]
Forbid block descriptors in initial xlat table levels

In AArch64, depending on the granularity of the translation tables,
level 0 and/or level 1 of the translation tables may not support block
descriptors, only table descriptors.

This patch introduces a check to make sure that, even if theoretically
it could be possible to create a block descriptor to map a big memory
region, a new subtable will be created to describe its mapping.

Change-Id: Ieb9c302206bfa33fbaf0cdc6a5a82516d32ae2a7
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoARM platforms: Replace address space size defines
Antonio Nino Diaz [Tue, 13 Dec 2016 13:48:31 +0000 (13:48 +0000)]
ARM platforms: Replace address space size defines

The now deprecated ADDR_SPACE_SIZE has been replaced by the two
defines PLAT_PHY_ADDR_SPACE_SIZE and PLAT_VIRT_ADDR_SPACE_SIZE.

Change-Id: I027a2f02f47ab2f679b8979a6dbfb0f08270a1a4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoAdd PLAT_xxx_ADDR_SPACE_SIZE definitions
Antonio Nino Diaz [Tue, 13 Dec 2016 15:28:54 +0000 (15:28 +0000)]
Add PLAT_xxx_ADDR_SPACE_SIZE definitions

Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and
`PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical
and virtual address space size a platform can use.

`ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any
of the previous defines aren't present, the value of `ADDR_SPACE_SIZE`
will be used instead.

For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the
max PA supported by the hardware and to verify that the previously
mentioned definition is valid. For AArch32, a 40 bit physical
address space is considered.

Added asserts to check for overflows.

Porting guide updated.

Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoAssert correct granularity when mapping a PA
Antonio Nino Diaz [Thu, 8 Dec 2016 16:03:46 +0000 (16:03 +0000)]
Assert correct granularity when mapping a PA

Each translation table level entry can only map a given virtual
address onto physical addresses of the same granularity. For example,
with the current configuration, a level 2 entry maps blocks of 2 MB,
so the physical address must be aligned to 2 MB. If the address is not
aligned, the MMU will just ignore the lower bits.

This patch adds an assertion to make sure that physical addresses are
always aligned to the correct boundary.

Change-Id: I0ab43df71829d45cdbe323301b3053e08ca99c2c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
7 years agoDocs: Fix monospace formatting in user guide
Jeenu Viswambharan [Fri, 9 Dec 2016 13:36:43 +0000 (13:36 +0000)]
Docs: Fix monospace formatting in user guide

Change-Id: I28b2790ff2f87b9fe3cf1020e59e1e0a00be6f97
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agostdlib: Fix signedness issue in memcmp()
dp-arm [Tue, 6 Dec 2016 15:20:25 +0000 (15:20 +0000)]
stdlib: Fix signedness issue in memcmp()

There is no guarantee on the signedness of char.  It can be either
signed or unsigned.  On ARM it is unsigned and hence this memcmp()
implementation works as intended.

On other machines, char can be signed (x86 for example).  In that case
(and assuming a 2's complement implementation), interpreting a
bit-pattern of 0xFF as signed char can yield -1.  If *s1 is 0 and *s2
is 255 then the difference *s1 - *s2 should be negative.  The C
integer promotion rules guarantee that the unsigned chars will be
converted to int before the operation takes place.  The current
implementation will return a positive value (0 - (-1)) instead, which
is wrong.

Fix it by changing the signedness to unsigned to avoid surprises for
anyone using this code on non-ARM systems.

Change-Id: Ie222fcaa7c0c4272d7a521a6f2f51995fd5130cc
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
7 years agoAArch32: Fix the stack alignment issue
Soby Mathew [Tue, 6 Dec 2016 12:10:51 +0000 (12:10 +0000)]
AArch32: Fix the stack alignment issue

The AArch32 Procedure call Standard mandates that the stack must be aligned
to 8 byte boundary at external interfaces. This patch does the required
changes.

This problem was detected when a crash was encountered in
`psci_print_power_domain_map()` while printing 64 bit values. Aligning
the stack to 8 byte boundary resolved the problem.

Fixes ARM-Software/tf-issues#437

Change-Id: I517bd8203601bb88e9311bd36d477fb7b3efb292
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
7 years agoMerge pull request #774 from jeenu-arm/no-return-macro
danh-arm [Mon, 12 Dec 2016 14:29:01 +0000 (14:29 +0000)]
Merge pull request #774 from jeenu-arm/no-return-macro

Define and use no_ret macro where no return is expected

7 years agoMerge pull request #773 from dp-arm/dp/fiptool-enhancements
danh-arm [Thu, 8 Dec 2016 12:33:06 +0000 (12:33 +0000)]
Merge pull request #773 from dp-arm/dp/fiptool-enhancements

Various fiptool enhancements and bug fixes

7 years agoMerge pull request #772 from davidcunado-arm/dc/reset_debug_reg
danh-arm [Thu, 8 Dec 2016 12:30:11 +0000 (12:30 +0000)]
Merge pull request #772 from davidcunado-arm/dc/reset_debug_reg

Reset EL2 and EL3 configurable controls

7 years agoMerge pull request #770 from yatharth-arm/yk/AArch32_fixes
danh-arm [Thu, 8 Dec 2016 12:20:21 +0000 (12:20 +0000)]
Merge pull request #770 from yatharth-arm/yk/AArch32_fixes

AArch32: Miscellaneous fixes in the AArch32 code

7 years agoMerge pull request #767 from antonio-nino-diaz-arm/an/cache-flush
danh-arm [Thu, 8 Dec 2016 12:19:25 +0000 (12:19 +0000)]
Merge pull request #767 from antonio-nino-diaz-arm/an/cache-flush

Optimize cache flush when authenticating images

7 years agoMerge pull request #766 from soby-mathew/sm/scpi_reorg
danh-arm [Thu, 8 Dec 2016 12:18:52 +0000 (12:18 +0000)]
Merge pull request #766 from soby-mathew/sm/scpi_reorg

Introduce SCP power management abstraction

7 years agoAllow ARM Standard platforms to dynamically define PSCI capability
Soby Mathew [Fri, 21 Oct 2016 16:51:22 +0000 (17:51 +0100)]
Allow ARM Standard platforms to dynamically define PSCI capability

The capabilities exposed by the PSCI generic layer depends on the hooks
populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM
Standard platforms statically define this structure. However, some
platforms may want to modify the hooks at runtime before registering
them with the generic layer.

This patch introduces a new ARM platform layer API
`plat_arm_psci_override_pm_ops` which allows the platform to probe
the power controller and modify `plat_arm_psci_pm_ops` if required.
Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as
`const` on ARM Standard platforms.

Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
7 years agoIntroduce SCP power management abstraction
Soby Mathew [Fri, 21 Oct 2016 10:34:59 +0000 (11:34 +0100)]
Introduce SCP power management abstraction

This patch introduces an additional layer of abstraction between
CSS power management hooks and the SCPI driver. A new set of APIs
are introduced in order to abstract out power management operations
from underlying communication mechanism with the SCP.

The SCPI and the associated MHU drivers are moved into a `drivers`
folder in CSS. The new SCP communication abstraction layer is added
in the `drivers/scp` folder. The existing CSS power management
uses the new APIs to reflect this abstraction.

Change-Id: I7d775129fc0558e9703c2724523fb8f0a916838c
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
7 years agoDefine and use no_ret macro where no return is expected
Jeenu Viswambharan [Wed, 30 Nov 2016 15:21:11 +0000 (15:21 +0000)]
Define and use no_ret macro where no return is expected

There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.

This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.

Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
7 years agofiptool: Provide malloc/strdup wrappers to simplify error checking
dp-arm [Fri, 4 Nov 2016 10:56:25 +0000 (10:56 +0000)]
fiptool: Provide malloc/strdup wrappers to simplify error checking

Change-Id: Ie3e43e9f7d31df40a5997047b9bddec0a06fd47f
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
7 years agofiptool: Use getopt for the top level command parsing
dp-arm [Mon, 7 Nov 2016 10:45:59 +0000 (10:45 +0000)]
fiptool: Use getopt for the top level command parsing

Change-Id: I18a4327e41fc090dcea9a647f7673182ca0ed1d9
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
7 years agofiptool: Initialize opt_index to 0 for getopt(3)
dp-arm [Mon, 7 Nov 2016 11:13:54 +0000 (11:13 +0000)]
fiptool: Initialize opt_index to 0 for getopt(3)

Change-Id: I62c1a636eb0d9f73fa3a6356e32b5a44f268d421
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
7 years agofiptool: Constify various function params
dp-arm [Fri, 4 Nov 2016 10:52:25 +0000 (10:52 +0000)]
fiptool: Constify various function params

Additionally, remove the -o option for the create command
as it is not supported.

Change-Id: I27993a6fc5e3b0b9710e2ec5322e4296bc87d0df
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
7 years agoReset EL2 and EL3 configurable controls
David Cunado [Fri, 25 Nov 2016 00:21:59 +0000 (00:21 +0000)]
Reset EL2 and EL3 configurable controls

This patch resets EL2 and EL3 registers that have architecturally
UNKNOWN values on reset and that also provide EL2/EL3 configuration
and trap controls.

Specifically, the EL2 physical timer is disabled to prevent timer
interrups into EL2 - CNTHP_CTL_EL2 and CNTHP_CTL for AArch64 and AArch32,
respectively.

Additionally, for AArch64, HSTR_EL2 is reset to avoid unexpected traps of
non-secure access to certain system registers at EL1 or lower.

For AArch32, the patch also reverts the reset to SDCR which was
incorrectly added in a previous change.

Change-Id: If00eaa23afa7dd36a922265194ccd6223187414f
Signed-off-by: David Cunado <david.cunado@arm.com>
7 years agoMerge pull request #771 from geesun/C99
davidcunado-arm [Thu, 1 Dec 2016 15:59:59 +0000 (15:59 +0000)]
Merge pull request #771 from geesun/C99

For C99 compliance, changed the unsigned char/short bitfield to unsigned int bitfields

7 years agoemmc/sd: for C99 compliance, changed the unsigned char/short bitfield to unsigned...
Qixiang.Xu [Thu, 17 Nov 2016 03:58:18 +0000 (11:58 +0800)]
emmc/sd: for C99 compliance, changed the unsigned char/short bitfield to unsigned int bitfields

C99 restricts bitfields type is signed and unsigned integer or _Bool.
See section 6.7.2.1 Structure and union specifiers.
"A bit-field shall have a type that is a qualified or unqualified version
 of _Bool, signed int, unsigned int, or some other implementation-defined type."

Since the compiler packs bitfields anyways, actual data layout in the structure is unaffected.

Signed-off-by: Alex Nemirovsky <alex.nemirovsky@cortina-access.com>
7 years agoAArch32: Miscellaneous fixes in the AArch32 code
Yatharth Kochar [Wed, 9 Nov 2016 15:39:25 +0000 (15:39 +0000)]
AArch32: Miscellaneous fixes in the AArch32 code

This patch makes following miscellaneous fixes:
* pl011_console.S: Fixed the bit mask used to check if the
  transmit FIFO is full or empty.
* smcc_macros.S: Added `_fsxc` suffix while updating the SPSR.
  By default the assembler assumes `_fc` suffix which does not
  update all the fields in SPSR. By adding `_fsxc` suffix all
  the fields gets updated.
* platform_helpers.S: Removed the weak definition for
  `plat_my_core_pos()` as this is a mandatory function which
  needs to be defined by all platforms.

Change-Id: I8302292533c943686fff8d7c749a07132c052a3b
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
7 years agoMerge pull request #769 from sandrine-bailleux-arm/sb/trusty-assert-init
davidcunado-arm [Thu, 1 Dec 2016 10:08:17 +0000 (10:08 +0000)]
Merge pull request #769 from sandrine-bailleux-arm/sb/trusty-assert-init

Check Trusty is present during the SPD's initialization

7 years agoMerge pull request #761 from soby-mathew/sm/bakery_lock_fixes
davidcunado-arm [Wed, 30 Nov 2016 17:38:41 +0000 (17:38 +0000)]
Merge pull request #761 from soby-mathew/sm/bakery_lock_fixes

Fix normal memory bakery lock implementation

7 years agoCheck Trusty is present during the SPD's initialization
Sandrine Bailleux [Wed, 30 Nov 2016 11:24:01 +0000 (11:24 +0000)]
Check Trusty is present during the SPD's initialization

Add a debug assertion in the initialization function of Trusty's SPD
to check for the presence of Trusty. If Trusty is absent then the SPD's
setup function already detects it and returns an error code so the init
function will never been called. Therefore, a debug assertion is enough
to catch this improbable error case.

Change-Id: Id20013e9291cdeef7827b919de2a22455f6cd9f9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
7 years agoOptimize cache flush when authenticating images
Antonio Nino Diaz [Tue, 22 Nov 2016 10:58:30 +0000 (10:58 +0000)]
Optimize cache flush when authenticating images

When loading and authenticating an image, all parent images must also
be authenticated. The parent images are just certificates that don't
need to be used by any other CPU except the one loading the image, and
so there is no need to flush the cache of memory regions where they
are loaded.

Change-Id: Ice8d6979d1c02eabf1a543281ae1a07d098e4a99
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
8 years agoMerge pull request #765 from Xilinx/rk3399-cfi
davidcunado-arm [Fri, 25 Nov 2016 09:42:37 +0000 (09:42 +0000)]
Merge pull request #765 from Xilinx/rk3399-cfi

rk3399: Add CFI debug information to SRAM functions

8 years agork3399: Add CFI debug information to SRAM functions
Soren Brinkmann [Thu, 24 Nov 2016 22:04:38 +0000 (14:04 -0800)]
rk3399: Add CFI debug information to SRAM functions

Commit b91d935feebdf2c3edef19949023645b6cb34b20
("Add CFI debug frame information for ASM functions") modifies the
assembly macros 'func' and 'endfunc' to include CFI debug frame
information.

The rockchip platform uses a custom version of the 'func' macro with the
common 'endfunc' macro. The custom macro wasn't updated in
b91d935feebdf2c3edef19949023645b6cb34b20 resulting in the following
build error:
  plat/rockchip/rk3399/drivers/pmu/plat_pmu_macros.S: Assembler messages:
  plat/rockchip/rk3399/drivers/pmu/plat_pmu_macros.S:155: Error: .cfi_endproc without corresponding .cfi_startproc
  Makefile:532: recipe for target 'build/rk3399/release/bl31/plat_helpers.o' failed
  make: *** [build/rk3399/release/bl31/plat_helpers.o] Error 1

Fixing this by updating the sram_func macro in the rk3399 port.

Fixes: b91d935feebdf2c3edef19949023645b6cb34b20 ("Add CFI debug frame information for ASM functions")
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
8 years agoMerge pull request #763 from douglas-raillard-arm/dr/add_debug_frame_info
danh-arm [Wed, 23 Nov 2016 18:16:15 +0000 (18:16 +0000)]
Merge pull request #763 from douglas-raillard-arm/dr/add_debug_frame_info

Add CFI debug frame information for ASM functions

8 years agoMerge pull request #764 from sandrine-bailleux-arm/sb/fix-trusty-build
danh-arm [Wed, 23 Nov 2016 18:15:36 +0000 (18:15 +0000)]
Merge pull request #764 from sandrine-bailleux-arm/sb/fix-trusty-build

Minor fixes in the Trusty SPD code

8 years agoFix a coding style issue in trusty.c
Sandrine Bailleux [Wed, 23 Nov 2016 10:53:07 +0000 (10:53 +0000)]
Fix a coding style issue in trusty.c

This patch fixes the following coding style error reported
by the checkpatch.pl script:

  Bad function definition - void el3_exit() should probably
  be void el3_exit(void)

There is another one but it's a false positive so there's no
point in fixing it:

  space prohibited after that '&' (ctx:WxW)
  +#define SMC_NR(entity, fn, fastcall, smc64) ((((fastcall) & 0x1) << 31) | \
                                                            ^
Change-Id: I34de0337c7216dabd16395879f13845a60ee6df0

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
8 years agoFix compilation warning in Trusty SPD
Sandrine Bailleux [Wed, 23 Nov 2016 09:50:53 +0000 (09:50 +0000)]
Fix compilation warning in Trusty SPD

In release builds, the Trusty SPD fails to build because of an unused
variable. Note that this warning message doesn't show in debug builds
because INFO() messages are not compiled out like in release mode.

This patch fixes this issue by removing this variable and using its
value in place directly in the INFO() macro call.

Change-Id: I1f552421181a09412315eef4eaca586012022018
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
8 years agoMerge pull request #762 from douglas-raillard-arm/dr/doc_build_info
danh-arm [Tue, 22 Nov 2016 10:49:57 +0000 (10:49 +0000)]
Merge pull request #762 from douglas-raillard-arm/dr/doc_build_info

Clarify dependency for PSCI_EXTENDED_STATE_ID

8 years agoMerge pull request #760 from Xilinx/zynqmp-2016-11
danh-arm [Tue, 22 Nov 2016 10:47:51 +0000 (10:47 +0000)]
Merge pull request #760 from Xilinx/zynqmp-2016-11

ZynqMP Updates

8 years agoMerge pull request #755 from vwadekar/trusty-spd
danh-arm [Tue, 22 Nov 2016 10:47:34 +0000 (10:47 +0000)]
Merge pull request #755 from vwadekar/trusty-spd

spd: dispatcher for interacting with the Trusty TEE

8 years agoClarify dependency for PSCI_EXTENDED_STATE_ID
Douglas Raillard [Mon, 7 Nov 2016 17:29:34 +0000 (17:29 +0000)]
Clarify dependency for PSCI_EXTENDED_STATE_ID

Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC
that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM
platforms. Also clarify the build error message.

Change-Id: Id125a0299b179f5f222bca4e2503204bf89a3c59
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
8 years agoFix normal memory bakery lock implementation
Soby Mathew [Mon, 14 Nov 2016 17:19:35 +0000 (17:19 +0000)]
Fix normal memory bakery lock implementation

This patch fixes an issue in the normal memory bakery lock
implementation. During assertion of lock status, there is a possibility
that the assertion could fail. This is because the previous update done
to the lock status by the owning CPU when not participating in cache
coherency could result in stale data in the cache due to cache maintenance
operations not propagating to all the caches. This patch fixes this issue
by doing an extra read cache maintenance operation prior to the assertion.

Fixes ARM-software/tf-issues#402

Change-Id: I0f38a7c52476a4f58e17ebe0141d256d198be88d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
8 years agoAdd CFI debug frame information for ASM functions
Douglas Raillard [Mon, 21 Nov 2016 14:12:32 +0000 (14:12 +0000)]
Add CFI debug frame information for ASM functions

This allows the debugger to print the callstack when there is an
assembly function in the callstack.

It will work as long as the CFA pointer (frame pointer) location is not
modified (i.e. x29 is not touched in AArch64 state). It is the case in
almost all assembly functions, so this patch improves the average
debugging experience. Call stacks from the debugger should still be
interpreted with care. In more complex functions, one could use .cfi*
directives to inform the debugger about the new location of the CFA
pointer.

Change-Id: I9dabfbc033b45e8528e67f4823c17de7bf02fa24
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
8 years agoMerge pull request #759 from douglas-raillard-arm/dr/cosmetic_vectors_tables
danh-arm [Mon, 21 Nov 2016 16:40:29 +0000 (16:40 +0000)]
Merge pull request #759 from douglas-raillard-arm/dr/cosmetic_vectors_tables

Cosmetic change to exception table

8 years agoMerge pull request #758 from douglas-raillard-arm/dr/doc_interrupt_handler
danh-arm [Mon, 21 Nov 2016 16:38:11 +0000 (16:38 +0000)]
Merge pull request #758 from douglas-raillard-arm/dr/doc_interrupt_handler

Docs: Clarify IRQ/FIQ handler API in Interrupt Design Guide

8 years agoDocs: Clarify IRQ/FIQ handler API in Interrupt Design Guide
Douglas Raillard [Wed, 9 Nov 2016 14:02:13 +0000 (14:02 +0000)]
Docs: Clarify IRQ/FIQ handler API in Interrupt Design Guide

The API description currently states that interrupt handlers
(interrupt_type_handler_t pointers) SHOULD return a pointer
to the target cpu_context.

This patch rewords the description of the interrupts handlers to state
that it MUST return a pointer to the target security context. It also
warns about potential portability issue. Specifically, this pointer is
not used on AArch64 and calls to context library APIs must be used to
ask BL31 to return to a specific context. However, this could change in
the future and interrupt handlers must always return the pointer.

Change-Id: I3f82a046de4d7a5b51a8cbebe7eb2a00dbbdb4f0
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
8 years agozynqmp: pm: Add SiP call to obtain PM callback data
Soren Brinkmann [Fri, 30 Sep 2016 21:24:25 +0000 (14:24 -0700)]
zynqmp: pm: Add SiP call to obtain PM callback data

The callback IRQ is delivered to the NS OS. Provide an interface to
allow the NS OS to obtain the callback data from the secure HW.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
8 years agozynqmp: pm: Enable IPI IRQ when API version is probed
Soren Brinkmann [Fri, 30 Sep 2016 18:30:21 +0000 (11:30 -0700)]
zynqmp: pm: Enable IPI IRQ when API version is probed

The IPI hardware is secure and managed by ATF, nevertheless we deliver
the IRQ to the rich OS. The IRQ is needed to receive PM callbacks.
Enable the IPI interrupt when the rich OS probes the API version.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
8 years agozynqmp: Remove dead code
Soren Brinkmann [Wed, 16 Nov 2016 23:50:14 +0000 (15:50 -0800)]
zynqmp: Remove dead code

Remove dead code pieces and stale comments.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
8 years agozynqmp: Fix UART1 base address
Soren Brinkmann [Fri, 27 May 2016 15:56:53 +0000 (08:56 -0700)]
zynqmp: Fix UART1 base address

Cc: Michal Simek <michal.simek@xilinx.com>
Reported-by: Jonas Karlsson <jonas.karlsson@atero.se>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
8 years agozynqmp: PM: Migrate to new shutdown interface
Soren Brinkmann [Fri, 2 Sep 2016 16:50:54 +0000 (09:50 -0700)]
zynqmp: PM: Migrate to new shutdown interface

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
8 years agozynqmp: pm: Plumb get_chipid through FW interface
Soren Brinkmann [Thu, 22 Sep 2016 19:21:11 +0000 (12:21 -0700)]
zynqmp: pm: Plumb get_chipid through FW interface

Use the PMUFW get_chipid call to obtain IDCODE and version register.

Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
8 years agozynqmp: pm: Allow obtaining additional return values from FW
Soren Brinkmann [Thu, 22 Sep 2016 18:35:47 +0000 (11:35 -0700)]
zynqmp: pm: Allow obtaining additional return values from FW

Allow reading more than just a single value from the message buffer.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
8 years agozynqmp: Do not alter system counter
Soren Brinkmann [Fri, 16 Sep 2016 17:31:06 +0000 (10:31 -0700)]
zynqmp: Do not alter system counter

On ZynqMP the FSBL will configure the system counter. Hence, remove the
initialization of the system counter with hardcoded values from the ATF
and use the setup provided by the bootloader.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
8 years agozynqmp: Read silicon ID register only once
Soren Brinkmann [Fri, 16 Sep 2016 17:34:47 +0000 (10:34 -0700)]
zynqmp: Read silicon ID register only once

The silicon ID does not change at runtime. Skip the IO access if the
ID has been read before.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
8 years agoMerge pull request #757 from douglas-raillard-arm/dr/doc_plat_psci_ops
danh-arm [Wed, 16 Nov 2016 11:36:01 +0000 (11:36 +0000)]
Merge pull request #757 from douglas-raillard-arm/dr/doc_plat_psci_ops

Document plat_psci_ops.(system_off|system_reset)

8 years agoMerge pull request #756 from douglas-raillard-arm/dr/doc_fix_link_fw_design
danh-arm [Wed, 16 Nov 2016 11:35:49 +0000 (11:35 +0000)]
Merge pull request #756 from douglas-raillard-arm/dr/doc_fix_link_fw_design

firmware-design.md: Fix broken link

8 years agoMerge pull request #754 from davidcunado-arm/dc/reset_debug_reg
danh-arm [Wed, 16 Nov 2016 11:35:31 +0000 (11:35 +0000)]
Merge pull request #754 from davidcunado-arm/dc/reset_debug_reg

Reset debug registers MDCR-EL3/SDCR and MDCR_EL2/HDCR

8 years agoCosmetic change to exception table
Douglas Raillard [Wed, 9 Nov 2016 17:48:27 +0000 (17:48 +0000)]
Cosmetic change to exception table

* Move comments on unhandled exceptions at the right place.
* Reformat the existing comments to highlight the start of
  each block of 4 entries in the exception table to ease
  navigation (lines of dash reserved for head comments).
* Reflow comments to 80 columns.

Change-Id: I5ab88a93d0628af8e151852cb5b597eb34437677
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
8 years agofirmware-design.md: Fix broken link
Douglas Raillard [Wed, 9 Nov 2016 14:00:04 +0000 (14:00 +0000)]
firmware-design.md: Fix broken link

Fix a link broken by a missing space that turned
it into a link to an non-existent anchor.

Change-Id: Ie863e963db28afa3a28b69d3f63bd7638bdf5af9
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
8 years agoDocument plat_psci_ops.(system_off|system_reset)
Douglas Raillard [Mon, 31 Oct 2016 13:26:03 +0000 (13:26 +0000)]
Document plat_psci_ops.(system_off|system_reset)

fixes ARM-Software/tf-issues#346

Change-Id: I946c8eab650bba7407775462ce91f394d767e079
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
8 years agoReset debug registers MDCR-EL3/SDCR and MDCR_EL2/HDCR
David Cunado [Mon, 31 Oct 2016 17:37:34 +0000 (17:37 +0000)]
Reset debug registers MDCR-EL3/SDCR and MDCR_EL2/HDCR

In order to avoid unexpected traps into EL3/MON mode, this patch
resets the debug registers, MDCR_EL3 and MDCR_EL2 for AArch64,
and SDCR and HDCR for AArch32.

MDCR_EL3/SDCR is zero'ed when EL3/MON mode is entered, at the
start of BL1 and BL31/SMP_MIN.

For MDCR_EL2/HDCR, this patch zero's the bits that are
architecturally UNKNOWN values on reset. This is done when
exiting from EL3/MON mode but only on platforms that support
EL2/HYP mode but choose to exit to EL1/SVC mode.

Fixes ARM-software/tf-issues#430

Change-Id: Idb992232163c072faa08892251b5626ae4c3a5b6
Signed-off-by: David Cunado <david.cunado@arm.com>
8 years agoMerge pull request #753 from douglas-raillard-arm/dr/readme_linaro_release
danh-arm [Wed, 9 Nov 2016 15:38:26 +0000 (15:38 +0000)]
Merge pull request #753 from douglas-raillard-arm/dr/readme_linaro_release

readme.md: Add tested Linaro release information for FVPs

8 years agoreadme.md: Add tested Linaro release information for FVPs
Douglas Raillard [Wed, 26 Oct 2016 10:32:41 +0000 (11:32 +0100)]
readme.md: Add tested Linaro release information for FVPs

The platform testing information in the readme currently states which
Linaro release has been tested on Juno platform.

This patch adds the same information for the AArch64/32 FVPs platforms.

Change-Id: Ifa89843ee1744e5030367197648b7a2f4c44cc24
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
8 years agospd: dispatcher for interacting with the Trusty TEE
Varun Wadekar [Tue, 8 Nov 2016 23:46:48 +0000 (15:46 -0800)]
spd: dispatcher for interacting with the Trusty TEE

This patch adds the secure payload dispatcher for interacting
with Google's Trusty TEE. Documentation for Trusty can be found
at https://source.android.com/security/trusty

Original authors:
-----------------
* Arve Hjønnevåg <arve@android.com>
* Michael Ryleev <gmar@google.com>

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>