GitLab

ARM TF configures all interrupts as non-secure except those which
are present in irq_sec_array. This patch updates the irq_sec_array
with the missing secure interrupts for ARM platforms.

It also updates the documentation to be inline with the latest
implementation.

Fixes ARM-software/tf-issues#312

Change-Id: I39956c56a319086e3929d1fa89030b4ec4b01fcc

Move the Juno port from plat/juno to plat/arm/board/juno. Also rename
some of the files so they are consistently prefixed with juno_.
Update the platform makefiles accordingly.

Change-Id: I0af6cb52a5fee7ef209107a1188b76a3c33a2a9f

Major update to the Juno platform port to use the common platform code
in (include/)plat/arm/* and (include/)plat/common/*. This mainly
consists of removing duplicated code but also introduces some small
behavioural changes where there was unnecessary variation between the
FVP and Juno ports. See earlier commit titled `Add common ARM and CSS
platform code` for details.

Also move the ARM SoC specific security setup (i.e. NIC-400 and PCIe
initialization) from BL1 to `plat_arm_security_setup()` in BL2,
where the other security setup is done.

Change-Id: Ic9fe01bae8ed382bfb04fc5839a4cfff332eb124

For Juno r0, the platform reset handler needs to:
 - Implement the workaround for defect #831273
 - Increase the L2 Data and Tag RAM latencies for Cortex-A57.

Defect #831273 does not affect Juno r1. Also, the default value
for the L2 Tag RAM latency for Cortex-A57 is suitable on Juno r1.
The L2 Data RAM latency for Cortex-A57 still needs to be
increased, though.

This patch modifies the Juno platform reset handler to detect
the board revision and skip the unnecessary steps on Juno r1.
The behaviour on Juno r0 is unchanged.

Change-Id: I27542917223e680ef923ee860900806ffcd0357b

This patch updates the FVP and Juno platform ports to use the common
driver for ARM Cache Coherent Interconnects.

Change-Id: Ib142f456b9b673600592616a2ec99e9b230d6542

By default the SMMU for the DMA-330 is configured to mark some stream IDs
as always belonging to the Secure world. As a result, if EL1 software turns
the SMMU on, certain Non-Secure accesses get rewritten as Secure, making
them bypass translation and access Secure physical addresses directly.

Since the current Juno board firmware configures the DMA-330 hardware as
Non-Secure, rewrite the SMMU's default SSD table as well to prevent any
unexpected behaviour in EL1.

Change-Id: Iaa81d883eecf28d80eb182b9ce475684bf9c718c

This patch defines MAX_MMAP_REGIONS separately for each BL stage
as per its requirements. This minimizes the size of the mmap[]
array.

Fixes ARM-Software/tf-issues#201

Change-Id: I19b15e1a91a8365b2ecf24e2cd71937cb73916b2

This patch implements an authentication module based on the
PolarSSL library (v1.3.9) to verify the Chain of Trust when
Trusted Boot is enabled.

PolarSSL sources must be fetched separately. The POLARSSL_DIR
build option may be used to indicate the path to the PolarSSL
main directory (this directory must contain the 'include' and
'library' subdirectories).

To be able to build PolarSSL sources as a part of the Trusted
Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk
will tell the build system to remove the -pedantic option from
the CFLAGS.

Inclusion of PolarSSL increases the memory requirements of the BL1
and BL2 images. The following are the changes made to the FVP and
Juno platforms to cater for this when TRUSTED_BOARD_BOOT is
defined:

Changes on FVP:

  - BL1 and BL2 stacks have been increased to 4 KB
  - BL1(rw) section has been increased to 32 KB.
  - BL2 memory region has been increased to 112 KB

Changes on Juno:

  - BL1 and BL2 stacks have been increased to 4 KB
  - BL1(rw) section has been increased to 32 KB.
  - Trusted ROM region in Flash has been increased to 128 KB.
  - BL2 memory region has been increased to 116 KB

Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80

This patch allows the BL3-1 NOBITS section to overlap the BL1 R/W
section since the former will always be used after the latter.
Similarly, the BL3-2 NOBITS section can overlay the BL2 image
when BL3-2 is loaded in Trusted SRAM.

Due to the current size of the images, there is no actual overlap.
Nevertheless, this reorganization may help to optimise the Trusted
SRAM usage when the images size grows.

Note that because BL3-1 NOBITS section is allowed to overlap the
BL1 R/W section, BL1 global variables will remain valid only until
execution reaches the BL3-1 entry point during a cold boot.

Documentation updated accordingly.

Fixes ARM-software/tf-issues#254

Change-Id: Id538f4d1c7f1f7858108280fd7b97e138572b879

In both FVP and Juno ports, IRQ #16, which is a PPI, is incorrectly
identified as secure SGI #8 through the constant IRQ_SEC_SGI_8.
This patch removes it.

Fixes ARM-software/tf-issues#282

Change-Id: I9e52d849611ffcd2b1f28e56dd156c5b217ed63e

This patch configures the TrustZone Controller in Juno to split
the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure
regions:

- Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are
  used by the SCP for DDR retraining
- Non-Secure DDR-DRAM: remaining DRAM starting at base address

Build option PLAT_TSP_LOCATION selects the location of the secure
payload (BL3-2):

- 'tsram' : Trusted SRAM (default option)
- 'dram'  : Secure region in the DDR-DRAM (set by the TrustZone
            controller)

The MMU memory map has been updated to give BL2 permission to load
BL3-2 into the DDR-DRAM secure region.

Fixes ARM-software/tf-issues#233

Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b

This patch changes the UART port assignment for various BL stages
so as to make it consistent on the platform ports. The BL1, BL2 and
BL3-1 now uses UART0 on the FVP port and SoC UART0 on the Juno port.
The BL3-2 uses UART2 on the FVP port and FPGA UART0 on the Juno
port.

This provides an interim fix to ARM-software/tf-issues#220 until
support is added for changing the UART port for a BL image between
cold boot and runtime.

Change-Id: Iae5faea90be3d59e41e597b34a902f93e737505a

This patch removes the PRIMARY_CPU definition hardcoded in the
Juno port. Instead, the primary CPU is obtained at runtime by
reading the SCC General Purpose Register 1 (GPR_1), whose value
is copied by the SCP into shared memory during the boot process.

Change-Id: I3981daa92eb7142250712274cf7f655b219837f5

This patch implements the TSP on Juno. It executes from on-chip Trusted
SRAM.

Also, the other bootloader images (i.e. BL1 R/W, BL2 and BL3-1) have
been moved around. The reason is, although there was enough space
overall to store the TSP in SRAM, there was no contiguous free chunk
of SRAM big enough to hold it.

This patch keeps the overall memory layout (i.e. keeping BL1 R/W at
the bottom, BL2 at the top and BL3-1 in between) but moves the base
addresses of all the bootloader images in such a way that:
 - memory fragmentation is reduced enough to fit BL3-2 in;
 - new base addresses are suitable for release builds as well as debug
   ones;
 - each image has a few extra kilobytes for future growth.
   BL3-1 and BL3-2 are the images which received the biggest allocations
   since they will most probably grow the most.

This patch also adds instruction synchronization barriers around the code which
handles the timer interrupt in the TSP. This ensures that the interrupt is not
acknowledged after or EOIed before it is deactivated at the peripheral.

Change-Id: I1c5b51858700027ee283ac85d18e06863a27c72e

This patch adds the initial port of the ARM Trusted Firmware on the Juno
development platform. This port does not support a BL3-2 image or any PSCI APIs
apart from PSCI_VERSION and PSCI_CPU_ON. It enables workarounds for selected
Cortex-A57 (#806969 & #813420) errata and implements the workaround for a Juno
platform errata (Defect id 831273).

Change-Id: Ib3d92df3af53820cfbb2977582ed0d7abf6ef893