Merge pull request #453 from yatharth-arm/yk/fwu-6

Firmware Update patch stack

Merge pull request #453 from yatharth-arm/yk/fwu-6
Firmware Update patch stack
ab5a53ef · danh-arm · 0e288c92 · 0191262d · ab5a53ef · ab5a53ef
Commit ab5a53ef authored Dec 09, 2015 by danh-arm
--- a/bl31/context_mgmt.c
+++ b/bl31/context_mgmt.c
@@ -32,14 +32,12 @@
 #include <arch_helpers.h>
 #include <assert.h>
 #include <bl_common.h>
-#include <bl31.h>
 #include <context.h>
 #include <context_mgmt.h>
-#include <cpu_data.h>
 #include <interrupt_mgmt.h>
 #include <platform.h>
 #include <platform_def.h>
-#include <runtime_svc.h>
+#include <smcc_helpers.h>
 #include <string.h>
@@ -64,105 +62,6 @@ void cm_init(void)
 	 */
 }
-/*******************************************************************************
- * This function returns a pointer to the most recent 'cpu_context' structure
- * for the CPU identified by `cpu_idx` that was set as the context for the
- * specified security state. NULL is returned if no such structure has been
- * specified.
- ******************************************************************************/
-void *cm_get_context_by_index(unsigned int cpu_idx,
-				unsigned int security_state)
-{
-	assert(sec_state_is_valid(security_state));
-	return get_cpu_data_by_index(cpu_idx, cpu_context[security_state]);
-}
-/*******************************************************************************
- * This function sets the pointer to the current 'cpu_context' structure for the
- * specified security state for the CPU identified by CPU index.
- ******************************************************************************/
-void cm_set_context_by_index(unsigned int cpu_idx, void *context,
-				unsigned int security_state)
-{
-	assert(sec_state_is_valid(security_state));
-	set_cpu_data_by_index(cpu_idx, cpu_context[security_state], context);
-}
-#if !ERROR_DEPRECATED
-/*
- * These context management helpers are deprecated but are maintained for use
- * by SPDs which have not migrated to the new API. If ERROR_DEPRECATED
- * is enabled, these are excluded from the build so as to force users to
- * migrate to the new API.
- */
-/*******************************************************************************
- * This function returns a pointer to the most recent 'cpu_context' structure
- * for the CPU identified by MPIDR that was set as the context for the specified
- * security state. NULL is returned if no such structure has been specified.
- ******************************************************************************/
-void *cm_get_context_by_mpidr(uint64_t mpidr, uint32_t security_state)
-{
-	assert(sec_state_is_valid(security_state));
-	return cm_get_context_by_index(platform_get_core_pos(mpidr), security_state);
-}
-/*******************************************************************************
- * This function sets the pointer to the current 'cpu_context' structure for the
- * specified security state for the CPU identified by MPIDR
- ******************************************************************************/
-void cm_set_context_by_mpidr(uint64_t mpidr, void *context, uint32_t security_state)
-{
-	assert(sec_state_is_valid(security_state));
-	cm_set_context_by_index(platform_get_core_pos(mpidr),
-						 context, security_state);
-}
-/*******************************************************************************
- * The following function provides a compatibility function for SPDs using the
- * existing cm library routines. This function is expected to be invoked for
- * initializing the cpu_context for the CPU specified by MPIDR for first use.
- ******************************************************************************/
-void cm_init_context(unsigned long mpidr, const entry_point_info_t *ep)
-{
-	if ((mpidr & MPIDR_AFFINITY_MASK) ==
-			(read_mpidr_el1() & MPIDR_AFFINITY_MASK))
-		cm_init_my_context(ep);
-	else
-		cm_init_context_by_index(platform_get_core_pos(mpidr), ep);
-}
-#endif
-/*******************************************************************************
- * This function is used to program the context that's used for exception
- * return. This initializes the SP_EL3 to a pointer to a 'cpu_context' set for
- * the required security state
- ******************************************************************************/
-static inline void cm_set_next_context(void *context)
-{
-#if DEBUG
-	uint64_t sp_mode;
-	/*
-	 * Check that this function is called with SP_EL0 as the stack
-	 * pointer
-	 */
-	__asm__ volatile("mrs	%0, SPSel\n"
-			 : "=r" (sp_mode));
-	assert(sp_mode == MODE_SP_EL0);
-#endif
-	__asm__ volatile("msr	spsel, #1\n"
-			 "mov	sp, %0\n"
-			 "msr	spsel, #0\n"
-			 : : "r" (context));
-}
 /*******************************************************************************
 * The following function initializes the cpu_context 'ctx' for
 * first use, and sets the initial entrypoint state as specified by the
@@ -212,7 +111,13 @@ static void cm_init_context_common(cpu_context_t *ctx, const entry_point_info_t
 	if (EP_GET_ST(ep->h.attr))
 		scr_el3 |= SCR_ST_BIT;
+#if IMAGE_BL31
+	/*
+	 * IRQ/FIQ bits only need setting if interrupt routing
+	 * model has been set up for BL31.
+	 */
 	scr_el3 |= get_scr_el3_from_routing_model(security_state);
+#endif
 	/*
 	 * Set up SCTLR_ELx for the target exception level:

--- a/drivers/auth/tbbr/tbbr_cot.c
+++ b/drivers/auth/tbbr/tbbr_cot.c
@@ -89,6 +89,12 @@ static auth_param_type_desc_t bl32_hash = AUTH_PARAM_TYPE_DESC(
 		AUTH_PARAM_HASH, BL32_HASH_OID);
 static auth_param_type_desc_t bl33_hash = AUTH_PARAM_TYPE_DESC(
 		AUTH_PARAM_HASH, BL33_HASH_OID);
+static auth_param_type_desc_t scp_bl2u_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, SCP_BL2U_HASH_OID);
+static auth_param_type_desc_t bl2u_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, BL2U_HASH_OID);
+static auth_param_type_desc_t ns_bl2u_hash = AUTH_PARAM_TYPE_DESC(
+		AUTH_PARAM_HASH, NS_BL2U_HASH_OID);
 /*
 * TBBR Chain of trust definition
@@ -438,6 +444,99 @@ static const auth_img_desc_t cot_desc[] = {
 				}
 			}
 		}
+	},
+	/*
+	 * FWU auth descriptor.
+	 */
+	[FWU_CERT_ID] = {
+		.img_id = FWU_CERT_ID,
+		.img_type = IMG_CERT,
+		.parent = NULL,
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_SIG,
+				.param.sig = {
+					.pk = &subject_pk,
+					.sig = &sig,
+					.alg = &sig_alg,
+					.data = &raw_data,
+				}
+			}
+		},
+		.authenticated_data = {
+			[0] = {
+				.type_desc = &scp_bl2u_hash,
+				.data = {
+					.ptr = (void *)plat_bl30_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			},
+			[1] = {
+				.type_desc = &bl2u_hash,
+				.data = {
+					.ptr = (void *)plat_bl2_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			},
+			[2] = {
+				.type_desc = &ns_bl2u_hash,
+				.data = {
+					.ptr = (void *)plat_bl33_hash_buf,
+					.len = (unsigned int)HASH_DER_LEN
+				}
+			}
+		}
+	},
+	/*
+	 * SCP_BL2U
+	 */
+	[SCP_BL2U_IMAGE_ID] = {
+		.img_id = SCP_BL2U_IMAGE_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[FWU_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &scp_bl2u_hash,
+				}
+			}
+		}
+	},
+	/*
+	 * BL2U
+	 */
+	[BL2U_IMAGE_ID] = {
+		.img_id = BL2U_IMAGE_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[FWU_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &bl2u_hash,
+				}
+			}
+		}
+	},
+	/*
+	 * NS_BL2U
+	 */
+	[NS_BL2U_IMAGE_ID] = {
+		.img_id = NS_BL2U_IMAGE_ID,
+		.img_type = IMG_RAW,
+		.parent = &cot_desc[FWU_CERT_ID],
+		.img_auth_methods = {
+			[0] = {
+				.type = AUTH_METHOD_HASH,
+				.param.hash = {
+					.data = &raw_data,
+					.hash = &ns_bl2u_hash,
+				}
+			}
+		}
 	}
 };

--- a/include/bl1/bl1.h
+++ b/include/bl1/bl1.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef __BL1_FWU_H__
+#define __BL1_FWU_H__
+#include <bl_common.h>
+/*
+ * Defines for BL1 SMC function ids.
+ */
+#define BL1_SMC_CALL_COUNT		0x0
+#define BL1_SMC_UID			0x1
+/* SMC #0x2 reserved */
+#define BL1_SMC_VERSION			0x3
+/*
+ * Corresponds to the function ID of the SMC that
+ * the BL1 exception handler service to execute BL31.
+ */
+#define BL1_SMC_RUN_IMAGE		0x4
+/*
+ * BL1 SMC version
+ */
+#define BL1_SMC_MAJOR_VER		0x0
+#define BL1_SMC_MINOR_VER		0x1
+/*
+ * Defines for FWU SMC function ids.
+ */
+#define FWU_SMC_IMAGE_COPY		0x10
+#define FWU_SMC_IMAGE_AUTH		0x11
+#define FWU_SMC_IMAGE_EXECUTE		0x12
+#define FWU_SMC_IMAGE_RESUME		0x13
+#define FWU_SMC_SEC_IMAGE_DONE		0x14
+#define FWU_SMC_UPDATE_DONE		0x15
+/*
+ * Number of FWU calls (above) implemented
+ */
+#define FWU_NUM_SMC_CALLS		6
+#if TRUSTED_BOARD_BOOT
+# define BL1_NUM_SMC_CALLS		(FWU_NUM_SMC_CALLS + 4)
+#else
+# define BL1_NUM_SMC_CALLS		4
+#endif
+/*
+ * The macros below are used to identify FWU
+ * calls from the SMC function ID
+ */
+#define FWU_SMC_FID_START		FWU_SMC_IMAGE_COPY
+#define FWU_SMC_FID_END			FWU_SMC_UPDATE_DONE
+#define is_fwu_fid(_fid) \
+    ((_fid >= FWU_SMC_FID_START) && (_fid <= FWU_SMC_FID_END))
+#ifndef __ASSEMBLY__
+#include <cassert.h>
+/*
+ * Check if the total number of FWU SMC calls are as expected.
+ */
+CASSERT(FWU_NUM_SMC_CALLS == 	\
+		(FWU_SMC_FID_END - FWU_SMC_FID_START + 1),\
+		assert_FWU_NUM_SMC_CALLS_mismatch);
+#endif /* __ASSEMBLY__ */
+#endif /* __BL1_FWU_H__ */
--- a/include/bl1/tbbr/tbbr_img_desc.h
+++ b/include/bl1/tbbr/tbbr_img_desc.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef __TBBR_IMG_DESC_H__
+#define __TBBR_IMG_DESC_H__
+#include <bl_common.h>
+extern image_desc_t bl1_tbbr_image_descs[];
+#endif /* __TBBR_IMG_DESC_H__ */
--- a/include/bl31/runtime_svc.h
+++ b/include/bl31/runtime_svc.h
 /*
- * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
@@ -31,74 +31,9 @@
 #ifndef __RUNTIME_SVC_H__
 #define __RUNTIME_SVC_H__
-/*******************************************************************************
+#include <bl_common.h>		/* to include exception types */
- * Bit definitions inside the function id as per the SMC calling convention
+#include <smcc_helpers.h>	/* to include SMCC definitions */
- ******************************************************************************/
-#define FUNCID_TYPE_SHIFT		31
-#define FUNCID_CC_SHIFT			30
-#define FUNCID_OEN_SHIFT		24
-#define FUNCID_NUM_SHIFT		0
-#define FUNCID_TYPE_MASK		0x1
-#define FUNCID_CC_MASK			0x1
-#define FUNCID_OEN_MASK			0x3f
-#define FUNCID_NUM_MASK			0xffff
-#define FUNCID_TYPE_WIDTH		1
-#define FUNCID_CC_WIDTH			1
-#define FUNCID_OEN_WIDTH		6
-#define FUNCID_NUM_WIDTH		16
-#define GET_SMC_CC(id)			((id >> FUNCID_CC_SHIFT) & \
-					 FUNCID_CC_MASK)
-#define GET_SMC_TYPE(id)		((id >> FUNCID_TYPE_SHIFT) & \
-					 FUNCID_TYPE_MASK)
-#define SMC_64				1
-#define SMC_32				0
-#define SMC_UNK				0xffffffff
-#define SMC_TYPE_FAST			1
-#define SMC_TYPE_STD			0
-#define SMC_PREEMPTED		0xfffffffe
-/*******************************************************************************
- * Owning entity number definitions inside the function id as per the SMC
- * calling convention
- ******************************************************************************/
-#define OEN_ARM_START			0
-#define OEN_ARM_END			0
-#define OEN_CPU_START			1
-#define OEN_CPU_END			1
-#define OEN_SIP_START			2
-#define OEN_SIP_END			2
-#define OEN_OEM_START			3
-#define OEN_OEM_END			3
-#define OEN_STD_START			4	/* Standard Calls */
-#define OEN_STD_END			4
-#define OEN_TAP_START			48	/* Trusted Applications */
-#define OEN_TAP_END			49
-#define OEN_TOS_START			50	/* Trusted OS */
-#define OEN_TOS_END			63
-#define OEN_LIMIT			64
-/*******************************************************************************
- * Constants to indicate type of exception to the common exception handler.
- ******************************************************************************/
-#define SYNC_EXCEPTION_SP_EL0		0x0
-#define IRQ_SP_EL0			0x1
-#define FIQ_SP_EL0			0x2
-#define SERROR_SP_EL0			0x3
-#define SYNC_EXCEPTION_SP_ELX		0x4
-#define IRQ_SP_ELX			0x5
-#define FIQ_SP_ELX			0x6
-#define SERROR_SP_ELX			0x7
-#define SYNC_EXCEPTION_AARCH64		0x8
-#define IRQ_AARCH64			0x9
-#define FIQ_AARCH64			0xa
-#define SERROR_AARCH64			0xb
-#define SYNC_EXCEPTION_AARCH32		0xc
-#define IRQ_AARCH32			0xd
-#define FIQ_AARCH32			0xe
-#define SERROR_AARCH32			0xf
 /*******************************************************************************
 * Structure definition, typedefs & constants for the runtime service framework
@@ -122,68 +57,9 @@
 #ifndef __ASSEMBLY__
-#include <cassert.h>
-#include <context.h>
-#include <stdint.h>
-/* Various flags passed to SMC handlers */
-#define SMC_FROM_SECURE		(0 << 0)
-#define SMC_FROM_NON_SECURE	(1 << 0)
-#define is_caller_non_secure(_f)	(!!(_f & SMC_FROM_NON_SECURE))
-#define is_caller_secure(_f)		(!(is_caller_non_secure(_f)))
 /* Prototype for runtime service initializing function */
 typedef int32_t (*rt_svc_init_t)(void);
-/* Convenience macros to return from SMC handler */
-#define SMC_RET0(_h)	{ \
-	return (uint64_t) (_h);		\
-}
-#define SMC_RET1(_h, _x0)	{ \
-	write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X0, (_x0)); \
-	SMC_RET0(_h);						\
-}
-#define SMC_RET2(_h, _x0, _x1)	{ \
-	write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X1, (_x1)); \
-	SMC_RET1(_h, (_x0)); \
-}
-#define SMC_RET3(_h, _x0, _x1, _x2)	{ \
-	write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X2, (_x2)); \
-	SMC_RET2(_h, (_x0), (_x1)); \
-}
-#define SMC_RET4(_h, _x0, _x1, _x2, _x3)	{ \
-	write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X3, (_x3)); \
-	SMC_RET3(_h, (_x0), (_x1), (_x2)); \
-}
-/*
- * Convenience macros to access general purpose registers using handle provided
- * to SMC handler. These takes the offset values defined in context.h
- */
-#define SMC_GET_GP(_h, _g) \
-	read_ctx_reg(get_gpregs_ctx(_h), (_g));
-#define SMC_SET_GP(_h, _g, _v) \
-	write_ctx_reg(get_gpregs_ctx(_h), (_g), (_v));
-/*
- * Convenience macros to access EL3 context registers using handle provided to
- * SMC handler. These takes the offset values defined in context.h
- */
-#define SMC_GET_EL3(_h, _e) \
-	read_ctx_reg(get_el3state_ctx(_h), (_e));
-#define SMC_SET_EL3(_h, _e, _v) \
-	write_ctx_reg(get_el3state_ctx(_h), (_e), (_v));
-/* The macro below is used to identify a Standard Service SMC call */
-#define is_std_svc_call(_fid)		((((_fid) >> FUNCID_OEN_SHIFT) & \
-					   FUNCID_OEN_MASK) == OEN_STD_START)
-/* The macro below is used to identify a valid Fast SMC call */
-#define is_valid_fast_smc(_fid)		((!(((_fid) >> 16) & 0xff)) && \
-					   (GET_SMC_TYPE(_fid) == SMC_TYPE_FAST))
 /*
 * Prototype for runtime service SMC handler function. x0 (SMC Function ID) to
 * x4 are as passed by the caller. Rest of the arguments to SMC and the context
@@ -247,28 +123,6 @@ CASSERT(RT_SVC_DESC_HANDLE == __builtin_offsetof(rt_svc_desc_t, handle), \
 					((call_type & FUNCID_TYPE_MASK) \
 					 << FUNCID_OEN_WIDTH))
-/*
- * Macro to define UUID for services. Apart from defining and initializing a
- * uuid_t structure, this macro verifies that the first word of the defined UUID
- * does not equal SMC_UNK. This is to ensure that the caller won't mistake the
- * returned UUID in x0 for an invalid SMC error return
- */
-#define DEFINE_SVC_UUID(_name, _tl, _tm, _th, _cl, _ch, \
-		_n0, _n1, _n2, _n3, _n4, _n5) \
-	CASSERT(_tl != SMC_UNK, invalid_svc_uuid);\
-	static const uuid_t _name = { \
-		_tl, _tm, _th, _cl, _ch, \
-		{ _n0, _n1, _n2, _n3, _n4, _n5 } \
-	}
-/* Return a UUID in the SMC return registers */
-#define SMC_UUID_RET(_h, _uuid) \
-	SMC_RET4(handle, ((const uint32_t *) &(_uuid))[0], \
-			 ((const uint32_t *) &(_uuid))[1], \
-			 ((const uint32_t *) &(_uuid))[2], \
-			 ((const uint32_t *) &(_uuid))[3])
 /*******************************************************************************
 * Function & variable prototypes
 ******************************************************************************/

--- a/include/common/bl_common.h
+++ b/include/common/bl_common.h
 /*
- * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
@@ -45,14 +45,6 @@
 #define TOP	0x1
 #define BOTTOM	!TOP
-/******************************************************************************
- * Opcode passed in x0 to tell next EL that we want to run an image.
- * Corresponds to the function ID of the only SMC that the BL1 exception
- * handlers service. That's why the chosen value is the first function ID of
- * the ARM SMC64 range.
- *****************************************************************************/
-#define RUN_IMAGE	0xC0000000
 /*******************************************************************************
 * Constants that allow assembler code to access members of and the
 * 'entry_point_info' structure at their correct offsets.
@@ -60,11 +52,41 @@
 #define ENTRY_POINT_INFO_PC_OFFSET	0x08
 #define ENTRY_POINT_INFO_ARGS_OFFSET	0x18
-#define PARAM_EP_SECURITY_MASK    0x1
+/* The following are used to set/get image attributes. */
+#define EXECUTABLE			(0x1)
+#define NON_EXECUTABLE			(0x0)
+#define PARAM_EP_EXECUTE_MASK		(0x1)
+#define PARAM_EP_EXECUTE_SHIFT		(0x1)
+#define PARAM_EP_SECURITY_MASK		(0x1)
+#define PARAM_EP_SECURITY_SHIFT		(0x0)
 #define GET_SECURITY_STATE(x) (x & PARAM_EP_SECURITY_MASK)
 #define SET_SECURITY_STATE(x, security) \
 			((x) = ((x) & ~PARAM_EP_SECURITY_MASK) | (security))
+#define GET_EXEC_STATE(x)    \
+    (((x) >> PARAM_EP_EXECUTE_SHIFT) & PARAM_EP_EXECUTE_MASK)
+#define SET_EXEC_STATE(x)    \
+    (((x) & PARAM_EP_EXECUTE_MASK) << PARAM_EP_EXECUTE_SHIFT)
+#define GET_SEC_STATE(x)    \
+    (((x) >> PARAM_EP_SECURITY_SHIFT) & PARAM_EP_SECURITY_MASK)
+#define SET_SEC_STATE(x)    \
+    (((x) & PARAM_EP_SECURITY_MASK) << PARAM_EP_SECURITY_SHIFT)
+/*
+ * The following are used for image state attributes.
+ * Image can only be in one of the following state.
+ */
+#define IMAGE_STATE_RESET			0
+#define IMAGE_STATE_COPIED			1
+#define IMAGE_STATE_COPYING			2
+#define IMAGE_STATE_AUTHENTICATED		3
+#define IMAGE_STATE_EXECUTED			4
+#define IMAGE_STATE_INTERRUPTED			5
 #define EP_EE_MASK	0x2
 #define EP_EE_LITTLE	0x0
 #define EP_EE_BIG	0x2
@@ -83,6 +105,8 @@
 #define VERSION_1		0x01
+#define INVALID_IMAGE_ID		(0xFFFFFFFF)
 #define SET_PARAM_HEAD(_p, _type, _ver, _attr) do { \
 	(_p)->h.type = (uint8_t)(_type); \
 	(_p)->h.version = (uint8_t)(_ver); \
@@ -90,6 +114,26 @@
 	(_p)->h.attr = (uint32_t)(_attr) ; \
 	} while (0)
+/*******************************************************************************
+ * Constants to indicate type of exception to the common exception handler.
+ ******************************************************************************/
+#define SYNC_EXCEPTION_SP_EL0		0x0
+#define IRQ_SP_EL0			0x1
+#define FIQ_SP_EL0			0x2
+#define SERROR_SP_EL0			0x3
+#define SYNC_EXCEPTION_SP_ELX		0x4
+#define IRQ_SP_ELX			0x5
+#define FIQ_SP_ELX			0x6
+#define SERROR_SP_ELX			0x7
+#define SYNC_EXCEPTION_AARCH64		0x8
+#define IRQ_AARCH64			0x9
+#define FIQ_AARCH64			0xa
+#define SERROR_AARCH64			0xb
+#define SYNC_EXCEPTION_AARCH32		0xc
+#define IRQ_AARCH32			0xd
+#define FIQ_AARCH32			0xe
+#define SERROR_AARCH32			0xf
 #ifndef __ASSEMBLY__
 #include <cdefs.h> /* For __dead2 */
 #include <cassert.h>
@@ -106,6 +150,8 @@ extern unsigned long __RO_START__;
 extern unsigned long __RO_END__;
 #if IMAGE_BL2
 extern unsigned long __BL2_END__;
+#elif IMAGE_BL2U
+extern unsigned long __BL2U_END__;
 #elif IMAGE_BL31
 extern unsigned long __BL31_END__;
 #elif IMAGE_BL32
@@ -177,8 +223,24 @@ typedef struct image_info {
 	param_header_t h;
 	uintptr_t image_base;   /* physical address of base of image */
 	uint32_t image_size;    /* bytes read from image file */
+	uint32_t copied_size;	/* image size copied in blocks */
 } image_info_t;
+/*****************************************************************************
+ * The image descriptor struct definition.
+ *****************************************************************************/
+typedef struct image_desc {
+	/* Contains unique image id for the image. */
+	unsigned int image_id;
+	image_info_t image_info;
+	entry_point_info_t ep_info;
+	/*
+	 * This member contains Image state information.
+	 * Refer IMAGE_STATE_XXX defined above.
+	 */
+	unsigned int state;
+} image_desc_t;
 /*******************************************************************************
 * This structure represents the superset of information that can be passed to
 * BL31 e.g. while passing control to it from BL2. The BL32 parameters will be

--- a/include/bl31/context.h
+++ b/include/bl31/context.h
--- a/include/bl31/context_mgmt.h
+++ b/include/bl31/context_mgmt.h
@@ -31,9 +31,9 @@
 #ifndef __CM_H__
 #define __CM_H__
+#include <arch.h>
+#include <bl_common.h>
 #include <common_def.h>
-#include <cpu_data.h>
-#include <stdint.h>
 /*******************************************************************************
 * Forward declarations
@@ -46,7 +46,6 @@ struct entry_point_info;
 void cm_init(void);
 void *cm_get_context_by_mpidr(uint64_t mpidr,
 			      uint32_t security_state) __warn_deprecated;
-static inline void *cm_get_context(uint32_t security_state);
 void cm_set_context_by_mpidr(uint64_t mpidr,
 			     void *context,
 			     uint32_t security_state) __warn_deprecated;
@@ -55,7 +54,9 @@ void *cm_get_context_by_index(unsigned int cpu_idx,
 void cm_set_context_by_index(unsigned int cpu_idx,
 			     void *context,
 			     unsigned int security_state);
-static inline void cm_set_context(void *context, uint32_t security_state);
+void *cm_get_context(uint32_t security_state);
+void cm_set_context(void *context, uint32_t security_state);
+inline void cm_set_next_context(void *context);
 void cm_init_context(uint64_t mpidr,
 		     const struct entry_point_info *ep) __warn_deprecated;
 void cm_init_my_context(const struct entry_point_info *ep);
@@ -76,27 +77,28 @@ uint32_t cm_get_scr_el3(uint32_t security_state);
 /* Inline definitions */
 /*******************************************************************************
- * This function returns a pointer to the most recent 'cpu_context' structure
+ * This function is used to program the context that's used for exception
- * for the calling CPU that was set as the context for the specified security
+ * return. This initializes the SP_EL3 to a pointer to a 'cpu_context' set for
- * state. NULL is returned if no such structure has been specified.
+ * the required security state
 ******************************************************************************/
-void *cm_get_context(uint32_t security_state)
+inline void cm_set_next_context(void *context)
 {
-	assert(security_state <= NON_SECURE);
+#if DEBUG
+	uint64_t sp_mode;
-	return get_cpu_data(cpu_context[security_state]);
+	/*
-}
+	 * Check that this function is called with SP_EL0 as the stack
+	 * pointer
+	 */
+	__asm__ volatile("mrs	%0, SPSel\n"
+			 : "=r" (sp_mode));
-/*******************************************************************************
+	assert(sp_mode == MODE_SP_EL0);
- * This function sets the pointer to the current 'cpu_context' structure for the
+#endif
- * specified security state for the calling CPU
- ******************************************************************************/
-void cm_set_context(void *context, uint32_t security_state)
-{
-	assert(security_state <= NON_SECURE);
-	set_cpu_data(cpu_context[security_state], context);
+	__asm__ volatile("msr	spsel, #1\n"
+			 "mov	sp, %0\n"
+			 "msr	spsel, #0\n"
+			 : : "r" (context));
 }
 #endif /* __CM_H__ */
--- a/include/common/el3_common_macros.S
+++ b/include/common/el3_common_macros.S
@@ -247,13 +247,11 @@
 #endif
 	.endif /* _init_c_runtime */
-#if IMAGE_BL31
 	/* ---------------------------------------------------------------------
 	 * Use SP_EL0 for the C runtime stack.
 	 * ---------------------------------------------------------------------
 	 */
 	msr	spsel, #0
-#endif /* IMAGE_BL31 */
 	/* ---------------------------------------------------------------------
 	 * Allocate a stack whose memory will be marked as Normal-IS-WBWA when

--- a/include/common/firmware_image_package.h
+++ b/include/common/firmware_image_package.h
 /*
- * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
@@ -39,6 +39,14 @@
 /* ToC Entry UUIDs */
+#define UUID_TRUSTED_UPDATE_FIRMWARE_SCP_BL2U \
+	{0x03279265, 0x742f, 0x44e6, 0x8d, 0xff, {0x57, 0x9a, 0xc1, 0xff, 0x06, 0x10} }
+#define UUID_TRUSTED_UPDATE_FIRMWARE_BL2U \
+	{0x37ebb360, 0xe5c1, 0x41ea, 0x9d, 0xf3, {0x19, 0xed, 0xa1, 0x1f, 0x68, 0x01} }
+#define UUID_TRUSTED_UPDATE_FIRMWARE_NS_BL2U \
+	{0x111d514f, 0xe52b, 0x494e, 0xb4, 0xc5, {0x83, 0xc2, 0xf7, 0x15, 0x84, 0x0a} }
+#define UUID_TRUSTED_FWU_CERT \
+	{0xb28a4071, 0xd618, 0x4c87, 0x8b, 0x2e, {0xc6, 0xdc, 0xcd, 0x50, 0xf0, 0x96} }
 #define UUID_TRUSTED_BOOT_FIRMWARE_BL2 \
 	{0x0becf95f, 0x224d, 0x4d3e, 0xa5, 0x44, {0xc3, 0x9d, 0x81, 0xc7, 0x3f, 0x0a} }
 #define UUID_SCP_FIRMWARE_BL30 \

--- a/include/common/smcc_helpers.h
+++ b/include/common/smcc_helpers.h
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef __SMCC_HELPERS_H__
+#define __SMCC_HELPERS_H__
+/*******************************************************************************
+ * Bit definitions inside the function id as per the SMC calling convention
+ ******************************************************************************/
+#define FUNCID_TYPE_SHIFT		31
+#define FUNCID_CC_SHIFT			30
+#define FUNCID_OEN_SHIFT		24
+#define FUNCID_NUM_SHIFT		0
+#define FUNCID_TYPE_MASK		0x1
+#define FUNCID_CC_MASK			0x1
+#define FUNCID_OEN_MASK			0x3f
+#define FUNCID_NUM_MASK			0xffff
+#define FUNCID_TYPE_WIDTH		1
+#define FUNCID_CC_WIDTH			1
+#define FUNCID_OEN_WIDTH		6
+#define FUNCID_NUM_WIDTH		16
+#define GET_SMC_CC(id)			((id >> FUNCID_CC_SHIFT) & \
+					 FUNCID_CC_MASK)
+#define GET_SMC_TYPE(id)		((id >> FUNCID_TYPE_SHIFT) & \
+					 FUNCID_TYPE_MASK)
+#define SMC_64				1
+#define SMC_32				0
+#define SMC_UNK				0xffffffff
+#define SMC_TYPE_FAST			1
+#define SMC_TYPE_STD			0
+#define SMC_PREEMPTED		0xfffffffe
+/*******************************************************************************
+ * Owning entity number definitions inside the function id as per the SMC
+ * calling convention
+ ******************************************************************************/
+#define OEN_ARM_START			0
+#define OEN_ARM_END			0
+#define OEN_CPU_START			1
+#define OEN_CPU_END			1
+#define OEN_SIP_START			2
+#define OEN_SIP_END			2
+#define OEN_OEM_START			3
+#define OEN_OEM_END			3
+#define OEN_STD_START			4	/* Standard Calls */
+#define OEN_STD_END			4
+#define OEN_TAP_START			48	/* Trusted Applications */
+#define OEN_TAP_END			49
+#define OEN_TOS_START			50	/* Trusted OS */
+#define OEN_TOS_END			63
+#define OEN_LIMIT			64
+#ifndef __ASSEMBLY__
+#include <cassert.h>
+#include <context.h>
+#include <stdint.h>
+/* Various flags passed to SMC handlers */
+#define SMC_FROM_SECURE		(0 << 0)
+#define SMC_FROM_NON_SECURE	(1 << 0)
+#define is_caller_non_secure(_f)	(!!(_f & SMC_FROM_NON_SECURE))
+#define is_caller_secure(_f)		(!(is_caller_non_secure(_f)))
+/* Convenience macros to return from SMC handler */
+#define SMC_RET0(_h)	{ \
+	return (uint64_t) (_h);		\
+}
+#define SMC_RET1(_h, _x0)	{ \
+	write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X0, (_x0)); \
+	SMC_RET0(_h);						\
+}
+#define SMC_RET2(_h, _x0, _x1)	{ \
+	write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X1, (_x1)); \
+	SMC_RET1(_h, (_x0)); \
+}
+#define SMC_RET3(_h, _x0, _x1, _x2)	{ \
+	write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X2, (_x2)); \
+	SMC_RET2(_h, (_x0), (_x1)); \
+}
+#define SMC_RET4(_h, _x0, _x1, _x2, _x3)	{ \
+	write_ctx_reg(get_gpregs_ctx(_h), CTX_GPREG_X3, (_x3)); \
+	SMC_RET3(_h, (_x0), (_x1), (_x2)); \
+}
+/*
+ * Convenience macros to access general purpose registers using handle provided
+ * to SMC handler. These takes the offset values defined in context.h
+ */
+#define SMC_GET_GP(_h, _g) \
+	read_ctx_reg(get_gpregs_ctx(_h), (_g));
+#define SMC_SET_GP(_h, _g, _v) \
+	write_ctx_reg(get_gpregs_ctx(_h), (_g), (_v));
+/*
+ * Convenience macros to access EL3 context registers using handle provided to
+ * SMC handler. These takes the offset values defined in context.h
+ */
+#define SMC_GET_EL3(_h, _e) \
+	read_ctx_reg(get_el3state_ctx(_h), (_e));
+#define SMC_SET_EL3(_h, _e, _v) \
+	write_ctx_reg(get_el3state_ctx(_h), (_e), (_v));
+/* The macro below is used to identify a Standard Service SMC call */
+#define is_std_svc_call(_fid)		((((_fid) >> FUNCID_OEN_SHIFT) & \
+					   FUNCID_OEN_MASK) == OEN_STD_START)
+/* The macro below is used to identify a valid Fast SMC call */
+#define is_valid_fast_smc(_fid)		((!(((_fid) >> 16) & 0xff)) && \
+					   (GET_SMC_TYPE(_fid) == SMC_TYPE_FAST))
+/*
+ * Macro to define UUID for services. Apart from defining and initializing a
+ * uuid_t structure, this macro verifies that the first word of the defined UUID
+ * does not equal SMC_UNK. This is to ensure that the caller won't mistake the
+ * returned UUID in x0 for an invalid SMC error return
+ */
+#define DEFINE_SVC_UUID(_name, _tl, _tm, _th, _cl, _ch, \
+		_n0, _n1, _n2, _n3, _n4, _n5) \
+	CASSERT(_tl != SMC_UNK, invalid_svc_uuid);\
+	static const uuid_t _name = { \
+		_tl, _tm, _th, _cl, _ch, \
+		{ _n0, _n1, _n2, _n3, _n4, _n5 } \
+	}
+/* Return a UUID in the SMC return registers */
+#define SMC_UUID_RET(_h, _uuid) \
+	SMC_RET4(handle, ((const uint32_t *) &(_uuid))[0], \
+			 ((const uint32_t *) &(_uuid))[1], \
+			 ((const uint32_t *) &(_uuid))[2], \
+			 ((const uint32_t *) &(_uuid))[3])
+#endif /*__ASSEMBLY__*/
+#endif /* __SMCC_HELPERS_H__ */
--- a/include/common/tbbr/tbbr_img_def.h
+++ b/include/common/tbbr/tbbr_img_def.h
@@ -63,4 +63,19 @@
 #define BL32_CERT_ID			14
 #define BL33_CERT_ID			15
+/* Non-Trusted ROM Firmware NS_BL1U */
+#define NS_BL1U_IMAGE_ID		16
+/* Trusted FWU Certificate */
+#define FWU_CERT_ID			17
+/* Trusted FWU SCP Firmware SCP_BL2U */
+#define SCP_BL2U_IMAGE_ID		18
+/* Trusted FWU Boot Firmware BL2U */
+#define BL2U_IMAGE_ID			19
+/* Non-Trusted FWU Firmware NS_BL2U */
+#define NS_BL2U_IMAGE_ID		20
 #endif /* __TBBR_IMG_DEF_H__ */
--- a/include/plat/arm/board/common/board_arm_def.h
+++ b/include/plat/arm/board/common/board_arm_def.h
@@ -53,6 +53,8 @@
 # else
 #  define PLATFORM_STACK_SIZE 0x400
 # endif
+#elif IMAGE_BL2U
+# define PLATFORM_STACK_SIZE 0x200
 #elif IMAGE_BL31
 # define PLATFORM_STACK_SIZE 0x400
 #elif IMAGE_BL32
@@ -65,10 +67,18 @@
 */
 #if IMAGE_BL1
 # if PLAT_fvp
-#  define PLAT_ARM_MMAP_ENTRIES		7
+#  if TRUSTED_BOARD_BOOT
+#   define PLAT_ARM_MMAP_ENTRIES	8
+#  else
+#   define PLAT_ARM_MMAP_ENTRIES	7
+#  endif	/* TRUSTED_BOARD_BOOT */
 # else
-#  define PLAT_ARM_MMAP_ENTRIES		6
+#  if TRUSTED_BOARD_BOOT
-# endif
+#   define PLAT_ARM_MMAP_ENTRIES	7
+#  else
+#   define PLAT_ARM_MMAP_ENTRIES	6
+#  endif	/* TRUSTED_BOARD_BOOT */
+# endif		/* PLAT_ */
 #endif
 #if IMAGE_BL2
 # if PLAT_fvp
@@ -77,6 +87,13 @@
 #  define PLAT_ARM_MMAP_ENTRIES		8
 # endif
 #endif
+#if IMAGE_BL2U
+# if PLAT_fvp
+#  define PLAT_ARM_MMAP_ENTRIES		3
+# else
+#  define PLAT_ARM_MMAP_ENTRIES		4
+#endif
+#endif
 #if IMAGE_BL31
 #define PLAT_ARM_MMAP_ENTRIES		5
 #endif
@@ -88,12 +105,22 @@
 * Platform specific page table and MMU setup constants
 */
 #if IMAGE_BL1
-# if PLAT_juno
+# if TRUSTED_BOARD_BOOT
-#  define MAX_XLAT_TABLES		2
+#  define MAX_XLAT_TABLES		4
 # else
+#  if PLAT_juno
+#   define MAX_XLAT_TABLES		2
+#  else
+#   define MAX_XLAT_TABLES		3
+#  endif /* PLAT_ */
+# endif	/* TRUSTED_BOARD_BOOT */
+#elif IMAGE_BL2
+# if PLAT_juno
 #  define MAX_XLAT_TABLES		3
+# else
+#  define MAX_XLAT_TABLES		4
 # endif /* PLAT_ */
-#elif IMAGE_BL2
+#elif IMAGE_BL2U
 # if PLAT_juno
 #  define MAX_XLAT_TABLES		3
 # else

--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -310,6 +310,14 @@
 # error "Unsupported ARM_TSP_RAM_LOCATION_ID value"
 #endif
+/*******************************************************************************
+ * FWU Images: NS_BL1U, BL2U & NS_BL2U defines.
+ ******************************************************************************/
+#define BL2U_BASE			BL2_BASE
+#define BL2U_LIMIT			BL31_BASE
+#define NS_BL2U_BASE			ARM_NS_DRAM1_BASE
+#define NS_BL1U_BASE			(V2M_FLASH0_BASE + 0x03EB8000)
 /*
 * ID of the secure physical generic timer interrupt used by the TSP.
 */

--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -165,6 +165,12 @@ void arm_bl2_plat_arch_setup(void);
 uint32_t arm_get_spsr_for_bl32_entry(void);
 uint32_t arm_get_spsr_for_bl33_entry(void);
+/* BL2U utility functions */
+void arm_bl2u_early_platform_setup(struct meminfo *mem_layout,
+				void *plat_info);
+void arm_bl2u_platform_setup(void);
+void arm_bl2u_plat_arch_setup(void);
 /* BL3-1 utility functions */
 void arm_bl31_early_platform_setup(bl31_params_t *from_bl2,
 				void *plat_params_from_bl2);
@@ -174,6 +180,8 @@ void arm_bl31_plat_arch_setup(void);
 /* TSP utility functions */
 void arm_tsp_early_platform_setup(void);
+/* FIP TOC validity check */
+int arm_io_is_toc_valid(void);
 /*
 * Mandatory functions required in ARM standard platforms

--- a/include/plat/arm/css/common/css_def.h
+++ b/include/plat/arm/css/common/css_def.h
@@ -50,6 +50,10 @@
 #define NSRAM_BASE			0x2e000000
 #define NSRAM_SIZE			0x00008000
+/* System Security Control Registers */
+#define SSC_REG_BASE			0x2a420000
+#define SSC_GPRETN			(SSC_REG_BASE + 0x030)
 /* The slave_bootsecure controls access to GPU, DMC and CS. */
 #define CSS_NIC400_SLAVE_BOOTSECURE	8
@@ -112,6 +116,8 @@
 */
 #define BL30_BASE			BL31_BASE
+#define SCP_BL2U_BASE			BL31_BASE
 #define PLAT_ARM_SHARED_RAM_CACHED	MHU_PAYLOAD_CACHED
 /* Load address of Non-Secure Image for CSS platform ports */

--- a/include/plat/common/common_def.h
+++ b/include/plat/common/common_def.h
@@ -30,6 +30,9 @@
 #ifndef __COMMON_DEF_H__
 #define __COMMON_DEF_H__
+#include <bl_common.h>
+#include <platform_def.h>
 /******************************************************************************
 * Required platform porting definitions that are expected to be common to
 * all platforms
@@ -74,5 +77,14 @@
 */
 #define __warn_deprecated	__attribute__ ((deprecated))
+#define BL2_IMAGE_DESC {				\
+	.image_id = BL2_IMAGE_ID,			\
+	.image_info.h.version = VERSION_1,		\
+	.image_info.h.attr = SET_EXEC_STATE(EXECUTABLE),\
+	.image_info.image_base = BL2_BASE,		\
+	.ep_info.h.attr = SET_SEC_STATE(SECURE),	\
+	.ep_info.pc = BL2_BASE				\
+}
 #endif /* __COMMON_DEF_H__ */
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -43,6 +43,7 @@ struct meminfo;
 struct image_info;
 struct entry_point_info;
 struct bl31_params;
+struct image_desc;
 /*******************************************************************************
 * plat_get_rotpk_info() flags
@@ -92,11 +93,11 @@ void bl1_platform_setup(void);
 struct meminfo *bl1_plat_sec_mem_layout(void);
 /*
- * This function allows the platform to change the entrypoint information for
+ * The following function is mandatory when the
- * BL2, after BL1 has loaded BL2 into memory but before BL2 is executed.
+ * firmware update feature is used.
 */
-void bl1_plat_set_bl2_ep_info(struct image_info *image,
+int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
-			      struct entry_point_info *ep);
+		unsigned int flags);
 /*******************************************************************************
 * Optional BL1 functions (may be overridden)
@@ -104,6 +105,25 @@ void bl1_plat_set_bl2_ep_info(struct image_info *image,
 void bl1_init_bl2_mem_layout(const struct meminfo *bl1_mem_layout,
 			     struct meminfo *bl2_mem_layout);
+/*
+ * The following functions are used for image loading process in BL1.
+ */
+void bl1_plat_set_ep_info(unsigned int image_id,
+		struct entry_point_info *ep_info);
+/*
+ * The following functions are mandatory when firmware update
+ * feature is used and optional otherwise.
+ */
+unsigned int bl1_plat_get_next_image_id(void);
+struct image_desc *bl1_plat_get_image_desc(unsigned int image_id);
+/*
+ * The following functions are used by firmware update
+ * feature and may optionally be overridden.
+ */
+__dead2 void bl1_plat_fwu_done(void *cookie, void *reserved);
 /*******************************************************************************
 * Mandatory BL2 functions
 ******************************************************************************/
@@ -172,6 +192,23 @@ void bl2_plat_get_bl32_meminfo(struct meminfo *mem_info);
 * Optional BL2 functions (may be overridden)
 ******************************************************************************/
+/*******************************************************************************
+ * Mandatory BL2U functions.
+ ******************************************************************************/
+void bl2u_early_platform_setup(struct meminfo *mem_layout,
+		void *plat_info);
+void bl2u_plat_arch_setup(void);
+void bl2u_platform_setup(void);
+/*******************************************************************************
+ * Conditionally mandatory BL2U functions for CSS platforms.
+ ******************************************************************************/
+/*
+ * This function is used to perform any platform-specific actions required to
+ * handle the BL2U_SCP firmware.
+ */
+int bl2u_plat_handle_scp_bl2u(void);
 /*******************************************************************************
 * Mandatory BL3-1 functions
 ******************************************************************************/

--- a/make_helpers/build_macros.mk
+++ b/make_helpers/build_macros.mk
@@ -28,6 +28,22 @@
 # POSSIBILITY OF SUCH DAMAGE.
 #
+# This table is used in converting lower case to upper case.
+uppercase_table:=a,A b,B c,C d,D e,E f,F g,G h,H i,I j,J k,K l,L m,M n,N o,O p,P q,Q r,R s,S t,T u,U v,V w,W x,X y,Y z,Z
+# Internal macro used for converting lower case to upper case.
+#   $(1) = upper case table
+#   $(2) = String to convert
+define uppercase_internal
+$(if $(1),$$(subst $(firstword $(1)),$(call uppercase_internal,$(wordlist 2,$(words $(1)),$(1)),$(2))),$(2))
+endef
+# A macro for converting a string to upper case
+#   $(1) = String to convert
+define uppercase
+$(eval uppercase_result:=$(call uppercase_internal,$(uppercase_table),$(1)))$(uppercase_result)
+endef
 # Convenience function for adding build definitions
 # $(eval $(call add_define,FOO)) will have:
 # -DFOO if $(FOO) is empty; -DFOO=$(FOO) otherwise
@@ -82,7 +98,7 @@ define FIP_ADD_PAYLOAD
    $(eval $(if $(3),FIP_DEPS += $(3)))
 endef
-# CERT_ADD_CMD_OPT adds a new command line option to the cert_create invokation
+# CERT_ADD_CMD_OPT adds a new command line option to the cert_create invocation
 #   $(1) = parameter filename
 #   $(2) = cert_create command line option for the specified parameter
 #   $(3) = input parameter (false if empty)
@@ -107,6 +123,38 @@ check_$(1):
 	$$(if $(value $(1)),,$$(error "Platform '${PLAT}' requires $(1). Please set $(1) to point to the right file"))
 endef
+# FWU_FIP_ADD_PAYLOAD appends the command line arguments required by the FIP tool
+# to package a new FWU payload. Optionally, it  adds the dependency on this payload
+#   $(1) = payload filename (e.g. ns_bl2u.bin)
+#   $(2) = command line option for the specified payload (e.g. --ns_bl2u)
+#   $(3) = fip target dependency (optional) (e.g. ns_bl2u)
+define FWU_FIP_ADD_PAYLOAD
+    $(eval $(if $(3),FWU_FIP_DEPS += $(3)))
+    $(eval FWU_FIP_ARGS += $(2) $(1))
+endef
+# FWU_CERT_ADD_CMD_OPT adds a new command line option to the cert_create invocation
+#   $(1) = parameter filename
+#   $(2) = cert_create command line option for the specified parameter
+#   $(3) = input parameter (false if empty)
+define FWU_CERT_ADD_CMD_OPT
+    $(eval $(if $(3),FWU_CRT_DEPS += $(1)))
+    $(eval FWU_CRT_ARGS += $(2) $(1))
+endef
+# FWU_FIP_ADD_IMG allows the platform to pack a binary image in the FWU FIP
+#   $(1) build option to specify the image filename (BL2U, NS_BL2U, etc)
+#   $(2) command line option for the fip_create tool (bl2u, ns_bl2u, etc)
+# Example:
+#   $(eval $(call FWU_FIP_ADD_IMG,BL2U,--bl2u))
+define FWU_FIP_ADD_IMG
+    FWU_CRT_DEPS += check_$(1)
+    FWU_FIP_DEPS += check_$(1)
+    $(call FWU_FIP_ADD_PAYLOAD,$(value $(1)),$(2))
+check_$(1):
+	$$(if $(value $(1)),,$$(error "Platform '${PLAT}' requires $(1). Please set $(1) to point to the right file"))
+endef
 ################################################################################
 # Auxiliary macros to build TF images from sources
@@ -123,7 +171,7 @@ $(strip $(foreach goal,$(1),$(filter $(goal),$(MAKECMDGOALS))))
 endef
 # List of rules that involve building things
-BUILD_TARGETS := all bl1 bl2 bl31 bl32 certificates fip
+BUILD_TARGETS := all bl1 bl2 bl2u bl31 bl32 certificates fip
 # Does the list of goals specified on the command line include a build target?
 ifneq ($(call match_goals,${BUILD_TARGETS}),)
@@ -134,15 +182,16 @@ endif
 # MAKE_C builds a C source file and generates the dependency file
 #   $(1) = output directory
 #   $(2) = source file (%.c)
-#   $(3) = BL stage (2, 30, 31, 32, 33)
+#   $(3) = BL stage (2, 2u, 30, 31, 32, 33)
 define MAKE_C
 $(eval OBJ := $(1)/$(patsubst %.c,%.o,$(notdir $(2))))
 $(eval PREREQUISITES := $(patsubst %.o,%.d,$(OBJ)))
+$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
 $(OBJ): $(2)
 	@echo "  CC      $$<"
-	$$(Q)$$(CC) $$(CFLAGS) -DIMAGE_BL$(3) -c $$< -o $$@
+	$$(Q)$$(CC) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@
 $(PREREQUISITES): $(2)
@@ -160,15 +209,16 @@ endef
 # MAKE_S builds an assembly source file and generates the dependency file
 #   $(1) = output directory
 #   $(2) = assembly file (%.S)
-#   $(3) = BL stage (2, 30, 31, 32, 33)
+#   $(3) = BL stage (2, 2u, 30, 31, 32, 33)
 define MAKE_S
 $(eval OBJ := $(1)/$(patsubst %.S,%.o,$(notdir $(2))))
 $(eval PREREQUISITES := $(patsubst %.o,%.d,$(OBJ)))
+$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
 $(OBJ): $(2)
 	@echo "  AS      $$<"
-	$$(Q)$$(AS) $$(ASFLAGS) -DIMAGE_BL$(3) -c $$< -o $$@
+	$$(Q)$$(AS) $$(ASFLAGS) -D$(IMAGE) -c $$< -o $$@
 $(PREREQUISITES): $(2)
 	@echo "  DEPS    $$@"
@@ -243,20 +293,22 @@ endef
 # MAKE_BL macro defines the targets and options to build each BL image.
 # Arguments:
-#   $(1) = BL stage (2, 30, 31, 32, 33)
+#   $(1) = BL stage (2, 2u, 30, 31, 32, 33)
 #   $(2) = In FIP (false if empty)
 define MAKE_BL
        $(eval BUILD_DIR  := ${BUILD_PLAT}/bl$(1))
-        $(eval SOURCES    := $(BL$(1)_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES))
+        $(eval BL_SOURCES := $(BL$(call uppercase,$(1))_SOURCES))
+        $(eval SOURCES    := $(BL_SOURCES) $(BL_COMMON_SOURCES) $(PLAT_BL_COMMON_SOURCES))
        $(eval OBJS       := $(addprefix $(BUILD_DIR)/,$(call SOURCES_TO_OBJS,$(SOURCES))))
        $(eval LINKERFILE := $(call IMG_LINKERFILE,$(1)))
        $(eval MAPFILE    := $(call IMG_MAPFILE,$(1)))
        $(eval ELF        := $(call IMG_ELF,$(1)))
        $(eval DUMP       := $(call IMG_DUMP,$(1)))
        $(eval BIN        := $(call IMG_BIN,$(1)))
+        $(eval BL_LINKERFILE := $(BL$(call uppercase,$(1))_LINKERFILE))
        $(eval $(call MAKE_OBJS,$(BUILD_DIR),$(SOURCES),$(1)))
-        $(eval $(call MAKE_LD,$(LINKERFILE),$(BL$(1)_LINKERFILE)))
+        $(eval $(call MAKE_LD,$(LINKERFILE),$(BL_LINKERFILE)))
 $(BUILD_DIR):
 	$$(Q)mkdir -p "$$@"

--- a/make_helpers/tbbr/tbbr_tools.mk
+++ b/make_helpers/tbbr/tbbr_tools.mk
@@ -56,16 +56,22 @@
 # Certificate generation tool default parameters
 TRUSTED_KEY_CERT	:=	${BUILD_PLAT}/trusted_key.crt
+FWU_CERT		:=	${BUILD_PLAT}/fwu_cert.crt
 # Add Trusted Key certificate to the fip_create and cert_create command line options
 $(eval $(call FIP_ADD_PAYLOAD,${TRUSTED_KEY_CERT},--trusted-key-cert))
 $(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_KEY_CERT},--trusted-key-cert))
+# Add fwu certificate to the fip_create and cert_create command line options
+$(eval $(call FWU_FIP_ADD_PAYLOAD,${FWU_CERT},--fwu-cert))
+$(eval $(call FWU_CERT_ADD_CMD_OPT,${FWU_CERT},--fwu-cert))
 # Add the keys to the cert_create command line options (private keys are NOT
 # packed in the FIP). Developers can use their own keys by specifying the proper
 # build option in the command line when building the Trusted Firmware
 $(if ${KEY_ALG},$(eval $(call CERT_ADD_CMD_OPT,${KEY_ALG},--key-alg)))
 $(if ${ROT_KEY},$(eval $(call CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key)))
+$(if ${ROT_KEY},$(eval $(call FWU_CERT_ADD_CMD_OPT,${ROT_KEY},--rot-key)))
 $(if ${TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${TRUSTED_WORLD_KEY},--trusted-world-key)))
 $(if ${NON_TRUSTED_WORLD_KEY},$(eval $(call CERT_ADD_CMD_OPT,${NON_TRUSTED_WORLD_KEY},--non-trusted-world-key)))
@@ -114,3 +120,17 @@ ifneq (${BL33},)
    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl33.crt,--bl33-cert))
    $(eval $(call FIP_ADD_PAYLOAD,${BUILD_PLAT}/bl33_key.crt,--bl33-key-cert))
 endif
+# Add the BL2U image
+$(if ${BL2U},$(eval $(call FWU_CERT_ADD_CMD_OPT,${BL2U},--bl2u,true)),\
+     $(eval $(call FWU_CERT_ADD_CMD_OPT,$(call IMG_BIN,2u),--bl2u,true)))
+# Add the SCP_BL2U image
+ifneq (${SCP_BL2U},)
+    $(eval $(call FWU_CERT_ADD_CMD_OPT,${SCP_BL2U},--scp_bl2u,true))
+endif
+# Add the NS_BL2U image
+ifneq (${NS_BL2U},)
+    $(eval $(call FWU_CERT_ADD_CMD_OPT,${NS_BL2U},--ns_bl2u,true))
+endif