GitLab

Add support for a minimal secure interrupt service in sp_min for
the AArch32 implementation. Hard code that only FIQs are handled.

Introduce bolean build directive SP_MIN_WITH_SECURE_FIQ to enable
FIQ handling from SP_MIN.

Configure SCR[FIQ] and SCR[FW] from generic code for both cold and
warm boots to handle FIQ in secure state from monitor.

Since SP_MIN architecture, FIQ are always trapped when system executes
in non secure state. Hence discard relay of the secure/non-secure
state in the FIQ handler.

Change-Id: I1f7d1dc7b21f6f90011b7f3fcd921e455592f5e7
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.

Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>

The documentation describes the design of the translation tables
library version 2 used by the ARM Trusted Firmware.

The diagram file has been created with Dia version 0.97.2. This tool
can be obtained from: https://wiki.gnome.org/Apps/Dia/Download



Inkscape has been used to generate the *.png file from the *.dia file
to work around a bug in the generation of *.png files in some versions
of Dia.

Change-Id: Ie67d9998d4ae881b2c060200a318ad3ac2fa5e91
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

With the migration to .rst from .md, the Issues Resolved and
Known Issues sections for v1.4 were using Header 1 format.

This patch changes to using Header 2 for these sections.

Change-Id: Ic3127d84eb169a65039fd4cc8284c6429302732d
Signed-off-by: David Cunado <david.cunado@arm.com>

The current build system and driver requires the CCI product to be
specified at build time. The device constraints can be determined at run
time from its ID registers, obviating the need for specifying them
ahead.

This patch adds changes to identify and validate CCI at run time. Some
global variables are renamed to be in line with the rest of the code
base.

The build option ARM_CCI_PRODUCT_ID is now removed, and user guide is
updated.

Change-Id: Ibb765e349d3bc95ff3eb9a64bde1207ab710a93d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

ARM CPUs with multi-threading implementation has more than one
Processing Element in a single physical CPU. Such an implementation will
reflect the following changes in the MPIDR register:

  - The MT bit set;

  - Affinity levels pertaining to cluster and CPUs occupy one level
    higher than in a single-threaded implementation, and the lowest
    affinity level pertains to hardware threads. MPIDR affinity level
    fields essentially appear shifted to left than otherwise.

The FVP port henceforth assumes that both properties above to be
concomitant on a given FVP platform.

To accommodate for varied MPIDR formats at run time, this patch
re-implements the FVP platform-specific functions that translates MPIDR
values to a linear indices, along with required validation. The same
treatment is applied for GICv3 MPIDR hashing function as well.

An FVP-specific build option FVP_MAX_PE_PER_CPU is introduced which
specifies the maximum number of threads implemented per CPU. For
backwards compatibility, its value defaults to 1.

Change-Id: I729b00d3e121d16ce9a03de4f9db36dfac580e3f
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

This patch adds an early suspend handler, that executes with
SMP and data cache enabled. This handler allows platforms to
perform any early actions during the CPU suspend entry sequence.

This handler is optional and platforms can choose to implement it
depending on their needs. The `pwr_domain_suspend` handler still
exists and platforms can keep on using it without any side effects.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

At the moment, various parts of the Trusted Firmware code assume
that the granule size used is 4 KB. For example, the linker scripts
enforce 4 KB alignment restrictions on some sections.

However, the ARMv8-A architecture allows 16 KB and 64 KB granule
sizes as well. Some other parts of the TF code, particularly the
architectural code and definitions, have been implemented with
this in mind and cater for all 3 cases.

This discrepancy creates some confusion as to what is effectively
supported in TF. This patch adds some code comments and clarification
in the documentation to make this limitation clearer.

Change-Id: I1f202369b240d8bed9d43d57ecd2a548c86c8598
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Add documentation for errata 835769 and 843419 workarounds introduced in
commit a94cc374



Fixes ARM-software/tf-issues#504

Change-Id: I7f3db53dfc5f3827b32663f483d3302bc9679b19
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

Commit d832aee9

, which added SPE support, got the alphabetical ordering
wrong for documentation and Makefile addition. This patch fixes that.

Change-Id: I061ecfba4db363902c9d7d577d2ce6c612cb9e1d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

The board features the Hi3798C V200 with an integrated quad-core
64-bit ARM Cortex A53 processor and high performance Mali T720 GPU,
making it capable of running any commercial set-top solution based on
Linux or Android. Its high performance specification also supports a
premium user experience with up to H.265 HEVC decoding of 4K video at
60 frames per second.

SOC  Hisilicon Hi3798CV200
CPU  Quad-core ARM Cortex-A53 64 bit
DRAM DDR3/3L/4 SDRAM interface, maximum 32-bit data width 2 GB
USB  Two USB 2.0 ports One USB 3.0 ports
CONSOLE  USB-micro port for console support
ETHERNET  1 GBe Ethernet
PCIE  One PCIe 2.0 interfaces
JTAG  8-Pin JTAG
EXPANSION INTERFACE  Linaro 96Boards Low Speed Expansion slot
DIMENSION Standard 160×120 mm 96Boards Enterprice Edition form factor
WIFI  802.11AC 2*2 with Bluetooth
CONNECTORS  One connector for Smart Card One connector for TSI

The platform boot sequence is as follows:
    l-loader --> arm_trusted_firmware --> u-boot

Repositories:
 - https://github.com/Linaro/poplar-l-loader.git
 - https://github.com/Linaro/poplar-u-boot.git



U-Boot is also upstream in the project's master branch.

Make sure you are using the correct branch on each one of these
repositories. The definition of "correct" might change over time (at
this moment in time this would be the "latest" branch).

Build Line:
make CROSS_COMPILE=aarch64-linux-gnu-  all fip SPD=none DEBUG=1
PLAT=poplar BL33=/path/to/u-boot.bin
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Alex Elder <elder@linaro.org>
Tested-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
Tested-by: Leo Yan <leo.yan@linaro.org>
Tested-by: Alex Elder <elder@linaro.org>

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Haojian Zhuang <haojian.zhuang@linaro.org>

Signed-off-by: Victor Chong <victor.chong@linaro.org>

Signed-off-by: Victor Chong <victor.chong@linaro.org>

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Haojian Zhuang <haojian.zhuang@linaro.org>

Change-Id: I0cd355d9fc7f14fb4eabb443d596d6f0858f609e
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>

Updated change-log.rst with summary of changes since release v1.3.

Change-Id: Iecd31ed315bd9ad7ffe8bce6550f7c90e1e3a9b0
Signed-off-by: David Cunado <david.cunado@arm.com>

ARM TF has been tested against Linaro Release 17.04 - the Linaro
binaries have been update and also the version of the compiler.

Linaro binaries: 17.01 --> 17.04
AArch64 & AArch32 compilers: 5.3-2015.05 (gcc 5.3) -> 6.2-2016.11 (gcc 6.2)

This patch updates the User Guide is to state that Linaro
release 17.04 is supported.

Additionally, the following fixes are made to the User Guide:
- Removed out of date reference to Linaro release 16.06.
- Updated the Juno variant coverage to include r2.

Change-Id: Iebbced3356f8c6b3c2bff2df62574db9f937ca7b
Signed-off-by: David Cunado <david.cunado@arm.com>

Trusted Firmware has been tested as part of its CI system against Cortex
and Foundation models in the 11.0 Model release available on
developer.arm.com. Trusted Firmware has also been tested against the v8.5
AEM model.

This patch updates the user guide documentation to reflect the version of
the Foundation, AEM and Cortex Models that Trusted Firmware has been
tested against.

Change-Id: I3b5b4d1e4220bda1dcc88aa9cfa01fa711ed92cd
Signed-off-by: David Cunado <david.cunado@arm.com>

Removed Markdown documents as they have been converted to
reStructuredText.

Change-Id: I3148222eb31258f158f64de4ddcdda4b232ce483
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

Non-automated fixes to the converted documentation.

Change-Id: I61f3d37c7a8d6a56a7351048060b970c5b3751e4
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

Due to recent issues in the rendering of the documentation on GitHub and
some long-standing issues like the lack of automatic table of content in
Markdown, the documentation has been converted to reStructuredText.
Basic constructs looks pretty similar to Markdown.

Automatically convert GitHub markdown documentation to reStructuredText
using pandoc.

Change-Id: If20b695acedc6d1b49c8d9fb64efd6b6ba23f4a9
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

Change some hard-to-convert constructs to cleaner ones.
Fix a broken link.

Change-Id: Ida70aa1da0af7a107b0e05eb20b8d46669a0380b
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as follows:

* A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
  the CryptoCell crypto driver for Trusted Board boot.

* The TrustZone filter settings for Non Secure DRAM is modified
  to allow CryptoCell to read this memory. This is required to
  authenticate BL33 which is loaded into the Non Secure DDR.

* The CSS platforms are modified to use coherent stacks in BL1 and BL2
  when CryptoCell crypto is selected. This is because CryptoCell makes
  use of DMA to transfer data and the CryptoCell SBROM library allocates
  buffers on the stack during signature/hash verification.

Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

CFLAGS content can be set on the command line to allow passing extra
options to the compiler. Its content is appended after the options set
by the Makefile (TF_CFLAGS).

The Makefiles must use TF_CFLAGS instead of CFLAGS, as the latter can be
completely overriden by setting it on the command line.

Also tell about LDFLAGS in the "Debugging options" section.

Change-Id: Iaf27b424002898ef3040133f78cb133983a37aee
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
the compiler's invocation. This allows passing extra options from the
make command line using LDFLAGS.

Document new LDFLAGS Makefile option.

Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

Updated section 6, building a FIP for Juno and FVP, adding
instructions for AArch32 and AArch64.

Updated section 4.1, summary of build options, to include a
description of the `JUNO_AARCH32_EL3_RUNTIME` build flag.

Change-Id: I4ed006522cab981371c382859063f088fbfcb8f7
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>

Without the additional newlines all the text becomes a single paragraph
and next newlines are ignored.

Change-Id: I783198477f654e3923fcabb21248f2bc62c33e9d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

Fix link in docs/firmware-update.md and docs/change-log.md:
https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Image-Terminology



Change-Id: I2d51d373fd0f7da59b548cd6bed52c47772014fd
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

SPE is only supported in non-secure state.  Accesses to SPE specific
registers from SEL1 will trap to EL3.  During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained.  This is to
avoid a potential invalid memory access in SEL1.

SPE is architecturally specified only for AArch64.

Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

This patch updates the el3_arch_init_common macro so that it fully
initialises essential control registers rather then relying on hardware
to set the reset values.

The context management functions are also updated to fully initialise
the appropriate control registers when initialising the non-secure and
secure context structures and when preparing to leave EL3 for a lower
EL.

This gives better alignement with the ARM ARM which states that software
must initialise RES0 and RES1 fields with 0 / 1.

This patch also corrects the following typos:

"NASCR definitions" -> "NSACR definitions"

Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc
Signed-off-by: David Cunado <david.cunado@arm.com>

Add TSP to test BL32 without relying on external projects.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Initial commit for Socionext UniPhier SoC support.  BL1, Bl2, and
BL31 are supported.  Refer to docs/plat/socionext-uniphier.md for
more detais.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Add document on HiKey960 platform and how to build.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>

This patch adds the SCMI driver for communicating with SCP. The power
domain management and system power management protocol of the SCMI
specification[1] is implemented in the driver. The SCP power management
abstraction layer for SCMI for CSS power management is also added.

A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI
driver over SCPI.

[1] ARM System Control and Management Interface v1.0 (SCMI)
Document number: ARM DEN 0056A

Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

Change-Id: Ic0a9b3c6d212e7171b37f944e11f079282dcce87
Signed-off-by: Summer Qin <summer.qin@arm.com>

This SMC is as a means for the image loading state machine to go from
COPYING, COPIED or AUTHENTICATED states to RESET state. Previously, this
was only done when the authentication of an image failed or when the
execution of the image finished.

Documentation updated.

Change-Id: Ida6d4c65017f83ae5e27465ec36f54499c6534d9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Added checks to FWU_SMC_IMAGE_COPY to prevent loading data into a
memory region where another image data is already loaded.

Without this check, if two images are configured to be loaded in
overlapping memory regions, one of them can be loaded and
authenticated and the copy function is still able to load data from
the second image on top of the first one. Since the first image is
still in authenticated state, it can be executed, which could lead to
the execution of unauthenticated arbitrary code of the second image.

Firmware update documentation updated.

Change-Id: Ib6871e569794c8e610a5ea59fe162ff5dcec526c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

It doesn't make sense to use the `-pedantic` flag when building the
Trusted Firmware as we use GNU extensions and so our code is not
fully ISO C compliant. This flag only makes sense if the code intends to
be ISO C compliant.

Change-Id: I6273564112759ff57f03b273f5349733a5f38aef
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

ARM GIC-600 IP complies with ARM GICv3 architecture, but among others,
implements a power control register in the Redistributor frame. This
register must be programmed to mark the frame as powered on, before
accessing other registers in the frame. Rest of initialization sequence
remains the same.

The driver provides APIs for Redistributor power management, and
overrides those in the generic GICv3 driver. The driver data is shared
between generic GICv3 driver and that of GIC-600.

For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER
is set to FVP_GIC600. Also update user guide.

Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>