GitLab

Support booting OP-TEE as BL32 boot stage and secure runtime
service.

OP-TEE executes in internal RAM and uses a secure DDR area to store
the pager pagestore. Memory mapping and TZC are configured accordingly
prior OP-TEE boot. OP-TEE image is expected in OP-TEE v2 format where
a header file describes the effective boot images. This change
post processes header file content to get OP-TEE load addresses
and set OP-TEE boot arguments.

Change-Id: I02ef8b915e4be3e95b27029357d799d70e01cd44
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

This change disables secure accesses to non-secure DDR which are useless.
TF-A already maps non-secure memory with non-secure permissions thanks
to the MMU.

This change also corrects some inline comments.

Change-Id: Id4c20c9ee5c95a666dae6b7446ed80baf2d53fb0
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>

Remove STM32MP_DDR_SPEED_DFLT that is not used in STM32MP1 TF-A code.

Change-Id: I780cdc4e93a8a9d997d50f67cfc582acd4a353d6
Signed-off-by: Yann Gautier <yann.gautier@st.com>

A new static function boot_mmc is created to simplify code maintenance
of stm32mp_io_setup.

Change-Id: I5c416e567e7e174fb1c2b435925a983c9c55fc40
Signed-off-by: Yann Gautier <yann.gautier@st.com>

There is a bug in the shared heap implementation for SGM. Until the bug
is solved, the default implementation is used.

Change-Id: I010911a3f00ed860f742b14daad1d99b9e7ce711
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.

Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

The weak version of plat_get_mbedtls_heap() was being used.

Change-Id: I6da331a098dd1af5bb64729d5b914cfb74b8869e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

This file is used when building the cert_create tool without using
the 'standard' set of Arm OID values as defined in the TBBR
specification (see tbbr_oid.h). This configuration is enabled by
setting USE_TBBR_DEFS to 0 during build.

At the moment this will fail because the header file included by
this file was removed in commit bb41eb7a

 ("cert: move
platform_oid.h to include/tools_share for all platforms"). For
the SGM platform this means that there is no current use for
this file.

Change-Id: I3c82983ada62330f1ab6be6d6c0cf489adabae7b
Signed-off-by: Paul Beesley <paul.beesley@arm.com>

Update the revision number in the revision management file.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: If8918efad0fcbe6f91b66c0c7438406b1d4fb759

Changed to save and restore cntpct_el0 using memory mapped
register for generic timer when System Suspend and Resume.

Reported by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I40fd9f5434c4d52b320cd1d20322b9b8e4e67155

Update the revision number in the revision management file.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I239f4d9f58d38515a49fa1a22cece48b59710d15

Periodic write DQ training available as default.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I649cfe538e4e2c7e19145ce7d1938ce4361b2529

From the hotplug testing on Hikey960, in some case cores fail to become
online in the system. When some cores are hotplugged off, if other
cores in the same cluster enter into CPU idle states at the meantime,
the cluster will be powered off. This introduces the state machine
malfunction in the power controller, thus when hotplug on the core
afterwards, it fails to boot up the core because the power controller
thinks the cluster is powered on.

This patch is to avoid race condition between hotplug and idles by
preventing cluster power off when some of cores in the cluster are
hotplugged off, if all cores in the same cluster are hotplugged off,
the cluster can be powered off.

Change-Id: Ib2feeb093357c70409a3536cb4f9da9b504fdcbe
Signed-off-by: Wei Yu <yuwei3@hisilicon.com>
Signed-off-by: Leo Yan <leo.yan@linaro.org>

Change-Id: I0a81f4ea94d41245cd5150de341b51fc70babffe
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

The 'drivers/console/aarch64/console.S' is not needed,
so remove it from build to fix the build error when
'ERROR_DEPRECATED'set.

Change-Id: Id047a355f82fd33298b7e2b49eff289d28eb5b56
Signed-off-by: Jacky Bai <ping.bai@nxp.com>

Now it is needed to use the full path of the common header files.

Commit 09d40e0e

 ("Sanitise includes across codebase") provides more
information.

Change-Id: Ifedc79d9f664d208ba565f5736612a3edd94c647
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

The old version of the macro is deprecated.

Commit cc5859ca

 ("Multi-console: Deprecate the
`finish_console_register` macro") provides more details.

Change-Id: I3d1cdf6496db7d8e6cfbb5804f508ff46ae7e67e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

The default implementations are defined in crash_console_helpers.S. The
platforms have to define plat_crash_console_*.

Implemented placeholders for platforms that were missing helpers.

Change-Id: Iea60b6f851956916e421dfd8c34a62d96eb9148e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

GXL platforms need to have a specific header at the beginning of bl31
image to be able to boot. This adds a tool to create that and calls it at
build time.
Signed-off-by: Remi Pommarel <repk@triplefau.lt>

On Amlogic gxl (s905x) SOC, in order to use SCP, bl31 has to send bl30
and bl301 firmware along with their SHA256 hash over scpi.
Signed-off-by: Remi Pommarel <repk@triplefau.lt>

In order to configure and boot SCP, BL31 has to compute and send
the SHA-256 of the firmware data via scpi. Luckily Amlogic GXL SOC
has a DMA facility that could be used to offload SHA-256
computations. This adds basic support of this hardware SHA-256
engine.
Signed-off-by: Remi Pommarel <repk@triplefau.lt>

The Amlogic Meson S905x is a SoC with a quad core Arm Cortex-A53 running
at 1.5Ghz. It also contains a Cortex-M3 used as SCP.

This port is a minimal implementation of BL31 capable of booting
mainline U-Boot and Linux:

- Partial SCPI support.
- Basic PSCI support (CPU_ON, SYSTEM_RESET, SYSTEM_OFF).
- GICv2 driver set up.
- Basic SIP services (read efuse data, enable/disable JTAG).

This port has been tested on a lepotato.
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Remi Pommarel <repk@triplefau.lt>

Add R-Car V3M support. This is based on the original
V3M support patch for Yocto v2.23.1 by Vladimir Barinov.
Signed-off-by: Vladimir Barinov <vladimir.barinov@cogentembedded.com>
Signed-off-by: Valentine Barshak <valentine.barshak@cogentembedded.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
---
Marek: Update on top of mainline ATF/master

Add R-Car D3 SoC platform specifics. Driver, PFC, QoS, DDR init code
will be added separately.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>

Print the DRAM bank size in MiB instead of GiB in case the bank size
is smaller than 1 GiB. This prevents printing zeroes on systems with
small DRAM sizes.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>

Improved support for W=2 compilation flag by solving some nested-extern
and sign-compare warnings.

The libraries are compiling with warnings (which turn into errors with
the Werror flag).

Outside of libraries, some warnings cannot be fixed.

Change-Id: I06b1923857f2a6a50e93d62d0274915b268cef05
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Improved support for W=1 compilation flag by solving missing-prototypes
and old-style-definition warnings.

The libraries are compiling with warnings (which turn into errors with
the Werror flag).

Outside of libraries, some warnings cannot be fixed without heavy
structural changes.

Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

The M3W ULCB board has 2 GiB of DRAM, set it so.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>

Fixed the below bugs:
1) Bug related to build flag V=1: if the flag was V=0, building with
ROMLIB would fail.
2) Due to a syntax bug in genwrappers.sh, index file entries marked as
"patch" or "reserved" were ignored.
3) Added a prepending hash to constants that genwrappers is generating.
4) Due to broken dependencies, currently the inclusion functionality is
intentionally not utilised. This is why the contents of romlib/jmptbl.i
have been copied to platform specific jmptbl.i files. As a result of the
broken dependencies, when changing the index files, e.g. patching
functions, a clean build is always required. This is a known issue that
will be fixed in the future.

Change-Id: I9d92aa9724e86d8f90fcd3e9f66a27aa3cab7aaa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Watchdog driver support & enablement during platform setup
Signed-off-by: Muhammad Hadi Asyrafi Abdul Halim <muhammad.hadi.asyrafi.abdul.halim@intel.com>

The Rockchip ATF platform can be entered from both Coreboot and U-Boot.
While Coreboot does submit the list of linked parameter structs as
platform param, upstream u-boot actually always provides a pointer
to a devicetree as parameter.
This results in current ATF not running at all when started from U-Boot.

To fix this, add a stub that checks if the parameter is a fdt so we
can at least boot and not get stuck. Later on we can extend this with
actual parsing of information from the devicetree.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>

When RECLAIM_INIT_CODE is 1, the stack is used to contain the .text.init
section. This is by default enable on FVP. Due to the size increase of
the .text.init section, the stack had to be adjusted contain it.

Change-Id: Ia392341970fb86c0426cf2229b1a7295453e2e32
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

The dummy implementation of the plat_init_apiakey() platform API uses
an internal 128-bit buffer to store the initial key value used for
Pointer Authentication support.

The intent - as stated in the file comments - was for this buffer to
be write-protected by the MMU. Initialization of the buffer would be
performed before enabling the MMU, thus bypassing write protection
checks.

However, the key buffer ended up into its own read-write section by
mistake due to a typo on the section name ('rodata.apiakey' instead of
'.rodata.apiakey', note the leading dot). As a result, the linker
script was not pulling it into the .rodata output section.

One way to address this issue could have been to fix the section
name. However, this approach does not work well for BL1. Being the
first image in the boot flow, it typically is sitting in real ROM
so we don't have the capacity to update the key buffer at any time.

The dummy implementation of plat_init_apiakey() provided at the moment
is just there to demonstrate the Pointer Authentication feature in
action. Proper key management and key generation would have to be a
lot more careful on a production system.

Therefore, the approach chosen here to leave the key buffer in
writable memory but move it to the BSS section. This does mean that
the key buffer could be maliciously updated for intalling unintended
keys on the warm boot path but at the feature is only at an
experimental stage right now, this is deemed acceptable.

Change-Id: I121ccf35fe7bc86c73275a4586b32d4bc14698d6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Change-Id: If56d1e200a31bd716726d7fdc1cc0ae8a63ba3ee
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Manages QSPI initialization, configuration and IO handling as boot device
Signed-off-by: Muhammad Hadi Asyrafi Abdul Halim <muhammad.hadi.asyrafi.abdul.halim@intel.com>

The i.MX8M Mini is new SOC of the i.MX8M family. it is
focused on delivering the latest and greatest video and
audio experience combining state-of-the-art media-specific
features with high-performance processing while optimized
for lowest power consumption. The i.MX 8M Mini Media Applications
Processor is  14nm FinFET product of the growing i.MX8M family
targeting the consumer & industrial market. It is built in 14LPP
to achieve both high performance and low power consumption
and relies on a powerful fully coherent core complex based on
a quad Cortex-A53 cluster with video and graphics accelerators

this patch add the basic support for i.MX8MM.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>

To support the enablement of QSPI booting
Signed-off-by: Muhammad Hadi Asyrafi Abdul Halim <muhammad.hadi.asyrafi.abdul.halim@intel.com>

MHU doorbell driver requires arm platform specific
macro "PLAT_CSS_MHU_BASE".
Rename it to "PLAT_MHUV2_BASE", so that platforms other than arm
can use generic MHU doorbell driver.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Enable the SCMI protocol support in SynQuacer platform.
Aside from power domain, system power and apcore management protocol,
this commit adds the vendor specific protocol(0x80).
This vendor specific protocol is used to get the dram mapping information
from SCP.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

for the i.MX8M SOCs, part of the code for gpc
and PSCI implementation can be reused and make it
common for all these SoCs. this patch extracts
the common part for reuse.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>