GitLab

Add tzc380 support.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Bai Ping <ping.bai@nxp.com>

Initial Spectre V1 mitigations (CVE-2017-5753).

Rm emmc delay

ccn: Introduce API to set and read value of node register

EHF and RAS documentation

romlib: Add juno support for romlib

romlib: Allow patching of romlib functions

Change-Id: Ibf2b21b12ebc0af5815fc6643532a3be9100bf02
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Initial Spectre Variant 1 mitigations (CVE-2017-5753).
A potential speculative data leak was found in PSCI code, this depends
on a non-robust implementation of the `plat_get_core_pos_by_mpidr()`
function. This is considered very low-risk. This patch adds a macro to
mitigate this. Note not all code paths could be analyzed with current
tools.

Add a macro which makes a variable 'speculation safe', using the
 __builtin_speculation_safe_value function of GCC and llvm. This will be
available in GCC 9, and is planned for llvm, but is not currently in
mainline GCC or llvm. In order to implement this mitigation the compiler
must support this builtin. Support is indicated by the
__HAVE_SPECULATION_SAFE_VALUE flag.

The -mtrack-speculation option maintains a 'tracker' register, which
determines if the processor is in false speculation at any point. This
adds instructions and increases code size, but avoids the performance
impact of a hard barrier.

Without the -mtrack-speculation option, __builtin_speculation_safe_value
expands to a

    ISB
    DSB SY

sequence after a conditional branch, before the
speculation safe variable is used. With -mtrack-speculation a

    CSEL tracker, tracker, XZR, [cond];
    AND safeval,tracker;
    CSDB

sequence is added instead, clearing the vulnerable variable by
AND'ing it with the tracker register, which is zero during speculative
execution. [cond] are the status flags which will only be true during
speculative execution. For more information on
__builtin_speculation_safe_value and the -mtrack-speculation option see
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/compiler-support-for-mitigations



The -mtracking option was not added, as the performance impact of the
mitigation is low, and there is only one occurence.

Change-Id: Ic9e66d1f4a5155e42e3e4055594974c230bfba3c
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>

Change-Id: I77d38758d18ba6dda1652b1b1e644fbfb14386cc
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Secure world execution nearly always expect a controlled exit to
Non-secure world. SDEI interrupts, although targets EL3, occur on behalf
of Non-secure world, and may have higher priority than Secure world
interrupts. Therefore they might preempt Secure execution, and yield
execution to Non-secure SDEI handler. Upon completion of SDEI event
handling (regardless of whether it's COPLETE or COMPLETE_AND_RESUME), we
must resume Secure execution if it was preempted.

Change-Id: I6edd991032588588427ba2fe6c3d7668f7080e3d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Synchronise arch.h and arch_helpers.h with TF-A-Tests

The headers forked at some point in the past and have diverged a lot. In
order to make it easier to share code between TF-A-Tests and TF-A, this
patch synchronises most of the definitions in the mentioned headers.

This is not a complete sync, it has to be followed by more cleanup.

This patch also removes the read helpers for the AArch32 instructions
ats1cpr and ats1hr (they are write-only).

Change-Id: Id13ecd7aeb83bd2318cd47156d71a42f1c9f6ba2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

commit 386b14bf64124ebf0368eab33ef07603e0c3138a
Author: Haojian Zhuang <haojian.zhuang@linaro.org>
Date:   Wed Nov 21 09:19:49 2018 +0800

    mmc: poll eMMC status after EXT_CSD command

    EXT_CSD command needs to access data from eMMC device. Add the
    operation of polling eMMC device status. Make sure the command is
    finished.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>

A hacked delay time can't fit each eMMC device. Since the above commit
enables the polling operation, remove the hacked delay time now.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>

EXT_CSD command needs to access data from eMMC device. Add the
operation of polling eMMC device status. Make sure the command is
finished.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>

This patch adds support to build a combined BL1
and ROMLIB binary file with the right page
alignment in Juno. When USE_ROMLIB=1 is set for
Juno, it generates the combined file
bl1_romlib.bin which needs to be used instead of
bl1.bin

Change-Id: I407efbe48d3e522fa6ef855538a9587193cb1919
Signed-off-by: Sathees Balya <sathees.balya@arm.com>

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>

allwinner: clock / power fixes

Add support for dmc620 tzc driver

Change-Id: I1f377d2d94c0fe8d2d9e62614f4a8e2dfcd9e745
Signed-off-by: Sathees Balya <sathees.balya@arm.com>

Register functions have to be added to the
jump table to allow patching in the
future

Change-Id: I57a885f7fc6290ea74a6096aea5b1867b2098eb7
Signed-off-by: Sathees Balya <sathees.balya@arm.com>

This change allows patching of functions in the
romlib. This can be done by adding "patch" at the
end of the jump table entry for the function that
needs to be patched in the file jmptbl.i.
Functions patched in the jump table list will be
built as part of the BL image and the romlib
version will not be used

Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f
Signed-off-by: Sathees Balya <sathees.balya@arm.com>

This reverts commit 6f512a3d

.

According to the 'Cortex-A57 MPCore Software Developers Errata Notice':

    This bug will only affect secure AArch64 EL3. If the above
    conditions occur, the CPU will not invalidate the targeted EL3 TLB
    entries and incorrect translations might occur.

For this reason it is not needed in AArch32.

Change-Id: I6f7b333817515499723e8f306145790ad6af9975
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

xlat v2: Support mapping regions with allocated VA

rcar-gen3: lock RPC hyper-flash access

Provide new APIs to add new regions without specifying the base VA.

- `mmap_add_region_alloc_va` adds a static region to mmap choosing as
  base VA the first possible address after all the currently mapped
  regions. It is aligned to an appropriate boundary in relation to the
  size and base PA of the requested region. No attempt is made to fill
  any unused VA holes.

- `mmap_add_dynamic_region_alloc_va` it adds a region the same way as
  `mmap_add_region_alloc_va` does, but it's dynamic instead of static.

- `mmap_add_alloc_va` takes an array of non const `mmap_region_t`,
  maps them in the same way as `mmap_add_region_alloc_va` and fills
  their `base_va` field. A helper macro has been created to help create
  the array, called `MAP_REGION_ALLOC_VA`.

Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Remove the platform common plat_arm_security_setup function to allow
platform specific implementations of the security setup function
implemented in the board directory of the platform.

For use by secure software, configure region0 of DMC-620 trustzone
controller to protect the upper 16MB of memory of the first DRAM block
from non-secure accesses.

Change-Id: I9a8c19656702c4fa4f6917b3655b692d443bb568
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>

ARM CoreLink DMC-620 Dynamic Memory Controller includes a TZC controller
to setup secure or non-secure regions of DRAM memory. The TZC controller
allows to setup upto eight such regions of memory in DRAM. This driver
provides helper functions to setup the TZC controller within DMC-620.

Change-Id: Iee7692417c2080052bdb7b1c2873a024bc5d1d10
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>

rpi3: fix bad formatting in rpi3.rst

d4fd0219 (pull request #1685) introduced unwanted formatting
such as bold/italic in the description for RPI3_USE_UEFI_MAP.

backtrace: Extract rules from root Makefile

rpi3: add RPI3_USE_UEFI_MAP build option

RCAR_RPC_HYPERFLASH_LOCKED can be set to 0 as a build option if the
user needs to allow u-boot to reprogram the ATF firmware using a FIP
image (as a faster alternative of toggling numerous DIP switches on
the board and using ascii-xfer of srec files)

The code being controlled with this commit should only be re-enabled for
debugging (_never_ on a product release)
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez.ortiz@gmail.com>

hikey: increase delay after eMMC initialized

Marvell: Migrate to multi console API

It's better to have them in a separate file instead of having them spread
across the Makefile. This is what the stack protector is already doing.

Change-Id: Id30742c0af10de5ea6d10674ca25bf52b0f2b262
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The default Raspberry Pi 3 memory mapping for ATF is geared towards
the use of uboot + Linux. This creates issues when trying to use
ATF with an UEFI payload and Windows on ARM64.

We therefore introduce new build option RPI3_USE_UEFI_MAP, that
enables the build process to use an alternate memory mapping that
is compatible with UEFI + Windows (as well as UEFI + Linux).

Fixes ARM-software/tf-issues#649
Signed-off-by: Pete Batard <pete@akeo.ie>

Add multi console support for STM32MP1

rpi3: add RPI3_RUNTIME_UART build option

Some eMMC chips require a longer delay. After testing
different chips, 20ms appears to work reliably.
Signed-off-by: Ryan Grachek <ryan@edited.us>