GitLab

This file is only used by Juno as all other CSS platforms have their own
private memory maps.

Change-Id: I1c9f27aac7b1d8bff4d92674e8bde5505b93c8c4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

This option makes it hard to optimize the memory definitions of all Arm
platforms because any change in the common defines must work in all of
them. The best thing to do is to remove it and move the definition to
each platform's header.

FVP, SGI and SGM were using the definitions in board_arm_def.h. The
definitions have been copied to each platform's platform_def.h. Juno
was already using the ones in platform_def.h, so there have been no
changes.

Change-Id: I9aecd11bbc72a3d0d7aad1ef9934d8df21dcfaf2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

- Remove references to removed build options.
- Remove support for legacy GIC driver.
- Remove support for LOAD_IMAGE_V2=0.

Change-Id: I72f8c05620bdf4a682765e6e53e2c04ca749a3d5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The patch 7b56928a

 unified the FWU mechanism on FVP and Juno
platforms due to issues with MCC firmware not preserving the
NVFLAGS. With MCCv150 firmware, this issue is resolved. Also
writing to the NOR flash while executing from the same flash
in Bypass mode had some stability issues. Hence, since the
MCC firmware issue is resolved, this patch reverts to the
NVFLAGS mechanism to detect FWU. Also, with the introduction
of SDS (Shared Data Structure) by the SCP, the reset syndrome
needs to queried from the appropriate SDS field.

Change-Id: If9c08f1afaaa4fcf197f3186887068103855f554
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
Signed-off-by: Soby Mathew <Soby.Mathew@arm.com>

All the arm platforms were including the files related to
mem-protect. This configuration generates some problems
with new platforms that don't support such functionality,
and for that reason this patch moves these files to the
platform specific makefiles.

Change-Id: I6923e5224668b76667795d8e11723cede7979b1e
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

Add TZMP1 support on Juno and increase the BL2 size accordingly due to the
extra data structures to describe the TZC regions and the additional code.
Signed-off-by: Summer Qin <summer.qin@arm.com>

Previously, Juno used to depend on the SSC_GPRETN register to inform
about the reset syndrome. This method was removed when SCP migrated
to the SDS framework. But even the SDS framework doesn't report the
reset syndrome correctly and hence Juno failed to enter Firmware
update mode if BL2 authentication failed.

In addition to that, the error code populated in V2M_SYS_NVFLAGS register
does not seem to be retained any more on Juno across resets. This could
be down to the motherboard firmware not doing the necessary to preserve
the value.

Hence this patch modifies the Juno platform to use the same mechanism to
trigger firmware update as FVP which is to corrupt the FIP TOC on
authentication failure. The implementation in `fvp_err.c` is made common
for ARM platforms and is moved to the new `arm_err.c` file in
plat/arm/common folder. The BL1 and BL2 mmap table entries for Juno
are modified to allow write to the Flash memory address.

Change-Id: Ica7d49a3e8a46a90efd4cf340f19fda3b549e945
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

The SCP binaries provided in the 17.10 Linaro release (and onwards)
have migrated to the SCMI/SDS protocols. Therefore, the ARM TF should
now use the corresponding drivers by default.

This patch changes the default value of the CSS_USE_SCMI_SDS_DRIVER
build option to 1 for Juno.

Change-Id: Idb7e3c6af582f49e332167a2158703c2d781b437
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Pre-v8.2 platforms such as the Juno platform does not have
the Scalable Vector Extensions implemented and so the build
option ENABLE_SVE is set to zero.

This has a minor performance improvement with no functional
impact.

Change-Id: Ib072735db7a0247406f8b60e325b7e28b1e04ad1
Signed-off-by: David Cunado <david.cunado@arm.com>

This patch fixes a couple of issues for AArch32 builds on ARM reference
platforms :

1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
   AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
   the BL31 memory is empty when built for AArch32. Hence this patch allocates
   BL32 to the memory region occupied by BL31 for AArch32 builds.

   As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
   be used to control the load address of BL32 in AArch32 mode which was
   never the intention of the macro anyway.

2. A static assert is added to sp_min linker script to check that the progbits
   are within the bounds expected when overlaid with other images.

3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
   involved when building Juno for AArch32 mode, the build option SPD needed to
   specifed. This patch corrects this and also updates the documentation in the
   user-guide.

4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
   a result the previous assumption that BL31 must be always present is removed
   and the certificates for BL31 is only generated if `NEED_BL31` is defined.

Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

    - fixed compile error when KEY_ALG=ecdsa
    - add new option ecdsa for TF_MBEDTLS_KEY_ALG
    - add new option devel_ecdsa for ARM_ROTPK_LOCATION
    - add ecdsa key at plat/arm/board/common/rotpk/
    - reduce the mbedtls heap memory size to 13k

Change-Id: I3f7a6170af93fdbaaa7bf2fffb4680a9f6113c13
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>

Earlier patches added errata workarounds 859972 for Cortex-A72, and
859972 for Cortex-A57 CPUs. Explicitly disable the workaround for Juno.

Also reorganize errata workaround flags.

No functional changes.

Change-Id: I3fe3745de57d77e5bf52012826d3969fe5d4844e
Signed-off-by: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

These errata are only applicable to AArch64 state. See the errata notice
for more details:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm048406/index.html



Introduce the build options ERRATA_A53_835769 and ERRATA_A53_843419.
Enable both of them for Juno.

Apply the 835769 workaround as following:
* Compile with -mfix-cortex-a53-835769
* Link with --fix-cortex-a53-835769

Apply the 843419 workaround as following:
* Link with --fix-cortex-a53-843419

The erratum 843419 workaround can lead the linker to create new sections
suffixed with "*.stub*" and 4KB aligned. The erratum 835769 can lead the
linker to create new "*.stub" sections with no particular alignment.

Also add support for LDFLAGS_aarch32 and LDFLAGS_aarch64 in Makefile for
architecture-specific linker options.

Change-Id: Iab3337e338b7a0a16b0d102404d9db98c154f8f8
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/



Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

The CSS power management layer previously allowed to suspend system
power domain level via both PSCI CPU_SUSPEND and PSCI SYSTEM_SUSPEND
APIs. System suspend via PSCI CPU_SUSPEND was always problematic to
support because of issues with targeting wakeup interrupts to
suspended cores before the per-cpu GIC initialization is done. This
is not the case for PSCI SYSTEM_SUSPEND API because all the other
cores are expected to be offlined prior to issuing system suspend and
PSCI CPU_ON explicit calls will be made to power them on. Hence the Juno
platform used to downgrade the PSCI CPU_SUSPEND request for system
power domain level to cluster level by overriding the default
`plat_psci_pm_ops` exported by CSS layer.

Given the direction the new CSS platforms are evolving, it is best to
limit the system suspend only via PSCI SYSTEM_SUSPEND API for all
CSS platforms. This patch makes changes to allow system suspend
only via PSCI SYSTEM_SUSPEND API. The override of `plat_psci_ops`
for Juno is removed.

Change-Id: Idb30eaad04890dd46074e9e888caeedc50a4b533
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

Following steps are required to boot JUNO in AArch32 state:
1> BL1, in AArch64 state, loads BL2.
2> BL2, in AArch64 state, initializes DDR.
  Loads SP_MIN & BL33 (AArch32 executable)images.
  Calls RUN_IMAGE SMC to go back to BL1.
3> BL1 writes AArch32 executable opcodes, to load and branch
  at the entrypoint address of SP_MIN, at HI-VECTOR address and
  then request for warm reset in AArch32 state using RMR_EL3.

This patch makes following changes to facilitate above steps:
* Added assembly function to carry out step 3 above.
* Added region in TZC that enables Secure access to the
  HI-VECTOR(0xFFFF0000) address space.
* AArch32 image descriptor is used, in BL2, to load
  SP_MIN and BL33 AArch32 executable images.

A new flag `JUNO_AARCH32_EL3_RUNTIME` is introduced that
controls above changes. By default this flag is disabled.

NOTE: BL1 and BL2 are not supported in AArch32 state for JUNO.

Change-Id: I091d56a0e6d36663e6d9d2bb53c92c672195d1ec
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

Change-Id: I7f3e4bfd46613c6311ba4015d56705414fd6feab
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

This function fills the buffer (first argument) with the specified
number of bytes (second argument) from the trusted entropy source.

This function will be used to initialize the stack protector canary.

Change-Id: Iff15aaf4778c13fa883ecb5528fcf9b8479d4489
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

Juno platform Makefile is responsible for enabling all the relevant
errata. As the Juno platform port does not know which revision of Juno
the TF
is compiled for, the revision of the cores are unknown and so all errata
up to this date are needed on at least one revision of Juno.

Change-Id: I38e1d6efc17e703f2bd55e0714f8d8fa4778f696
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

ARM erratum 855873 applies to all Cortex-A53 CPUs.
The recommended workaround is to promote "data cache clean"
instructions to "data cache clean and invalidate" instructions.
For core revisions of r0p3 and later this can be done by setting a bit
in the CPUACTLR_EL1 register, so that hardware takes care of the promotion.
As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3,
we set the bit in firmware.
Also we dump this register upon crashing to provide more debug
information.

Enable the workaround for the Juno boards.

Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

TLBI instructions for EL3 won't have the desired effect under specific
circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and
TLBI twice each time.

Even though this errata is only needed in r0p0, the current errata
framework is not prepared to apply run-time workarounds. The current one
is always applied if compiled in, regardless of the CPU or its revision.

This errata has been enabled for Juno.

The `DSB` instruction used when initializing the translation tables has
been changed to `DSB ISH` as an optimization and to be consistent with
the barriers used for the workaround.

Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to
`ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines
related to the translation tables but to the image size as well.

The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and
`PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h.
This way, ARM platforms no longer have to set their own values if
`ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values
otherwise. The common sizes have been set to the highest values used
for any of the current build configurations.

This is needed because in some build configurations some images are
running out of space. This way there is a common set of values known
to work for all of them and it can be optimized for each particular
platform if needed.

The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been
increased. This is needed because when memory optimisations are
disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and
`MAX_XLAT_TABLES` are higher. If in this situation the code is
compiled in debug mode and with "-O0", the code won't fit.

Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e

This patch migrates ARM Standard platforms to the refactored TZC driver.

Change-Id: I2a2f60b645f73e14d8f416740c4551cec87cb1fb

`board_arm_def.h` contains multiple definitions of
`PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` that are optimised for
memory usage depending upon the chosen build configuration. To ease
maintenance of these constants, this patch replaces their multiple
definitions with a single set of definitions that will work on all ARM
platforms.

Platforms can override the defaults with optimal values by enabling the
`ARM_BOARD_OPTIMISE_MMAP` build option. An example has been provided in
the Juno ADP port.

Additionally, `PLAT_ARM_MMAP_ENTRIES` is increased by one to accomodate
future ARM platforms.

Change-Id: I5ba6490fdd1e118cc9cc2d988ad7e9c38492b6f0

The common topology description helper funtions and macros for
ARM Standard platforms assumed a dual cluster system. This is not
flexible enough to scale to multi cluster platforms. This patch does
the following changes for more flexibility in defining topology:

1. The `plat_get_power_domain_tree_desc()` definition is moved from
   `arm_topology.c` to platform specific files, that is `fvp_topology.c`
   and `juno_topology.c`. Similarly the common definition of the porting
   macro `PLATFORM_CORE_COUNT` in `arm_def.h` is moved to platform
   specific `platform_def.h` header.

2. The ARM common layer porting macros which were dual cluster specific
   are now removed and a new macro PLAT_ARM_CLUSTER_COUNT is introduced
   which must be defined by each ARM standard platform.

3. A new mandatory ARM common layer porting API
   `plat_arm_get_cluster_core_count()` is introduced to enable the common
   implementation of `arm_check_mpidr()` to validate MPIDR.

4. For the FVP platforms, a new build option `FVP_NUM_CLUSTERS` has been
   introduced which allows the user to specify the cluster count to be
   used to build the topology tree within Trusted Firmare. This enables
   Trusted Firmware to be built for multi cluster FVP models.

Change-Id: Ie7a2e38e5661fe2fdb2c8fdf5641d2b2614c2b6b

ARM Trusted Firmware supports 2 different interconnect peripheral
drivers: CCI and CCN. ARM platforms are implemented using either of the
interconnect peripherals.

This patch adds a layer of abstraction to help ARM platform ports to
choose the right interconnect driver and corresponding platform support.
This is as described below:

1. A set of ARM common functions have been implemented to initialise an
interconnect and for entering/exiting a cluster from coherency. These
functions are prefixed as "plat_arm_interconnect_". Weak definitions of
these functions have been provided for each type of driver.

2.`plat_print_interconnect_regs` macro used for printing CCI registers is
moved from a common arm_macros.S to cci_macros.S.

3. The `ARM_CONFIG_HAS_CCI` flag used in `arm_config_flags` structure
is renamed to `ARM_CONFIG_HAS_INTERCONNECT`.

Change-Id: I02f31184fbf79b784175892d5ce1161b65a0066c

Prior to this patch, it was assumed that on all ARM platforms the bare
minimal security setup required is to program TrustZone protection. This
would always be done by programming the TZC-400 which was assumed to be
present in all ARM platforms. The weak definition of
platform_arm_security_setup() in plat/arm/common/arm_security.c
reflected these assumptions.

In reality, each ARM platform either decides at runtime whether
TrustZone protection needs to be programmed (e.g. FVPs) or performs
some security setup in addition to programming TrustZone protection
(e.g. NIC setup on Juno). As a result, the weak definition of
plat_arm_security_setup() is always overridden.

When a platform needs to program TrustZone protection and implements the
TZC-400 peripheral, it uses the arm_tzc_setup() function to do so. It is
also possible to program TrustZone protection through other peripherals
that include a TrustZone controller e.g. DMC-500. The programmer's
interface is slightly different across these various peripherals.

In order to satisfy the above requirements, this patch makes the
following changes to the way security setup is done on ARM platforms.

1. arm_security.c retains the definition of arm_tzc_setup() and has been
   renamed to arm_tzc400.c. This is to reflect the reliance on the
   TZC-400 peripheral to perform TrustZone programming. The new file is
   not automatically included in all platform ports through
   arm_common.mk. Each platform must include it explicitly in a platform
   specific makefile if needed.

   This approach enables introduction of similar library code to program
   TrustZone protection using a different peripheral. This code would be
   used by the subset of ARM platforms that implement this peripheral.

2. Due to #1 above, existing platforms which implements the TZC-400 have been
   updated to include the necessary files for both BL2, BL2U and BL31
   images.

Change-Id: I513c58f7a19fff2e9e9c3b95721592095bcb2735

This patch adds support for Firmware update in BL2U for ARM
platforms such that TZC initialization is performed on all
ARM platforms and (optionally) transfer of SCP_BL2U image on
ARM CSS platforms.

BL2U specific functions are added to handle early_platform and
plat_arch setup. The MMU is configured to map in the BL2U
code/data area and other required memory.

Change-Id: I57863295a608cc06e6cbf078b7ce34cbd9733e4f

This patch adds Firmware Update support for ARM platforms.

New files arm_bl1_fwu.c and juno_bl1_setup.c were added to provide
platform specific Firmware update code.

BL1 now includes mmap entry for `ARM_MAP_NS_DRAM1` to map DRAM for
authenticating NS_BL2U image(For both FVP and JUNO platform).

Change-Id: Ie116cd83f5dc00aa53d904c2f1beb23d58926555

Suport for ARM GIC v2.0 and v3.0 drivers has been reworked to create three
separate drivers instead of providing a single driver that can work on both
versions of the GIC architecture. These drivers correspond to the following
software use cases:

1. A GICv2 only driver that can run only on ARM GIC v2.0 implementations
   e.g. GIC-400

2. A GICv3 only driver that can run only on ARM GIC v3.0 implementations
   e.g. GIC-500 in a mode where all interrupt regimes use GICv3 features

3. A deprecated GICv3 driver that operates in legacy mode. This driver can
   operate only in the GICv2 mode in the secure world. On a GICv3 system, this
   driver allows normal world to run in either GICv3 mode (asymmetric mode)
   or in the GICv2 mode. Both modes of operation are deprecated on GICv3
   systems.

ARM platforms implement both versions of the GIC architecture. This patch adds a
layer of abstraction to help ARM platform ports chose the right GIC driver and
corresponding platform support. This is as described below:

1. A set of ARM common functions have been introduced to initialise the GIC and
   the driver during cold and warm boot. These functions are prefixed as
   "plat_arm_gic_". Weak definitions of these functions have been provided for
   each type of driver.

2. Each platform includes the sources that implement the right functions
   directly into the its makefile. The FVP can be instantiated with different
   versions of the GIC architecture. It uses the FVP_USE_GIC_DRIVER build option
   to specify which of the three drivers should be included in the build.

3. A list of secure interrupts has to be provided to initialise each of the
  three GIC drivers. For GIC v3.0 the interrupt ids have to be further
  categorised as Group 0 and Group 1 Secure interrupts. For GIC v2.0, the two
  types are merged and treated as Group 0 interrupts.

  The two lists of interrupts are exported from the platform_def.h. The lists
  are constructed by adding a list of board specific interrupt ids to a list of
  ids common to all ARM platforms and Compute sub-systems.

This patch also makes some fields of `arm_config` data structure in FVP redundant
and these unused fields are removed.

Change-Id: Ibc8c087be7a8a6b041b78c2c3bd0c648cd2035d8

This patch adds watchdog support on ARM platforms (FVP and Juno).
A secure instance of SP805 is used as Trusted Watchdog. It is
entirely managed in BL1, being enabled in the early platform setup
hook and disabled in the exit hook. By default, the watchdog is
enabled in every build (even when TBB is disabled).

A new ARM platform specific build option `ARM_DISABLE_TRUSTED_WDOG`
has been introduced to allow the user to disable the watchdog at
build time. This feature may be used for testing or debugging
purposes.

Specific error handlers for Juno and FVP are also provided in this
patch. These handlers will be called after an image load or
authentication error. On FVP, the Table of Contents (ToC) in the FIP
is erased. On Juno, the corresponding error code is stored in the
V2M Non-Volatile flags register. In both cases, the CPU spins until
a watchdog reset is generated after 256 seconds (as specified in
the TBBR document).

Change-Id: I9ca11dcb0fe15af5dbc5407ab3cf05add962f4b4

Cortex-A72 library support is now compiled into the Juno platform port to go
with the existing A53/A57 support. This enables a single set of Juno TF
binaries to run on Juno R0, R1 and R2 boards.

Change-Id: I4a601dc4f671e98bdb19d98bbb66f02f0d8b7fc7

This patch adds the capability to power down at system power domain level
on Juno via the PSCI SYSTEM SUSPEND API. The CSS power management helpers
are modified to add support for power management operations at system
power domain level. A new helper for populating `get_sys_suspend_power_state`
handler in plat_psci_ops is defined. On entering the system suspend state,
the SCP powers down the SYSTOP power domain on the SoC and puts the memory
into retention mode. On wakeup from the power down, the system components
on the CSS will be reinitialized by the platform layer and the PSCI client
is responsible for restoring the context of these system components.

According to PSCI Specification, interrupts targeted to cores in PSCI CPU
SUSPEND should be able to resume it. On Juno, when the system power domain
is suspended, the GIC is also powered down. The SCP resumes the final core
to be suspend when an external wake-up event is received. But the other
cores cannot be woken up by a targeted interrupt, because GIC doesn't
forward these interrupts to the SCP. Due to this hardware limitation,
we down-grade PSCI CPU SUSPEND requests targeted to the system power domain
level to cluster power domain level in `juno_validate_power_state()`
and the CSS default `plat_arm_psci_ops` is overridden in juno_pm.c.

A system power domain resume helper `arm_system_pwr_domain_resume()` is
defined for ARM standard platforms which resumes/re-initializes the
system components on wakeup from system suspend. The security setup also
needs to be done on resume from system suspend, which means
`plat_arm_security_setup()` must now be included in the BL3-1 image in
addition to previous BL images if system suspend need to be supported.

Change-Id: Ie293f75f09bad24223af47ab6c6e1268f77bcc47

This patch migrates ARM reference platforms, Juno and FVP, to the new platform
API mandated by the new PSCI power domain topology and composite power state
frameworks. The platform specific makefiles now exports the build flag
ENABLE_PLAT_COMPAT=0 to disable the platform compatibility layer.

Change-Id: I3040ed7cce446fc66facaee9c67cb54a8cd7ca29

This patch modifies the Trusted Board Boot implementation to use
the new authentication framework, making use of the authentication
module, the cryto module and the image parser module to
authenticate the images in the Chain of Trust.

A new function 'load_auth_image()' has been implemented. When TBB
is enabled, this function will call the authentication module to
authenticate parent images following the CoT up to the root of
trust to finally load and authenticate the requested image.

The platform is responsible for picking up the right makefiles to
build the corresponding cryptographic and image parser libraries.
ARM platforms use the mbedTLS based libraries.

The platform may also specify what key algorithm should be used
to sign the certificates. This is done by declaring the 'KEY_ALG'
variable in the platform makefile. FVP and Juno use ECDSA keys.

On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
each to accommodate the ECDSA code.

REMOVED BUILD OPTIONS:

  * 'AUTH_MOD'

Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867

Move the Juno port from plat/juno to plat/arm/board/juno. Also rename
some of the files so they are consistently prefixed with juno_.
Update the platform makefiles accordingly.

Change-Id: I0af6cb52a5fee7ef209107a1188b76a3c33a2a9f

Major update to the Juno platform port to use the common platform code
in (include/)plat/arm/* and (include/)plat/common/*. This mainly
consists of removing duplicated code but also introduces some small
behavioural changes where there was unnecessary variation between the
FVP and Juno ports. See earlier commit titled `Add common ARM and CSS
platform code` for details.

Also move the ARM SoC specific security setup (i.e. NIC-400 and PCIe
initialization) from BL1 to `plat_arm_security_setup()` in BL2,
where the other security setup is done.

Change-Id: Ic9fe01bae8ed382bfb04fc5839a4cfff332eb124

This patch updates the FVP and Juno platform ports to use the common
driver for ARM Cache Coherent Interconnects.

Change-Id: Ib142f456b9b673600592616a2ec99e9b230d6542

Cortex-A57 erratum #806969 applies to revision r0p0 of the CPU
but does not manifest itself on Juno r0. It is not applicable
to Juno r1 in any case.

This patch modifies the Juno platform Makefile to no longer
compile this erratum workaround in.

Change-Id: I32b16835b2ac897e639e869ab2b78b62a51a0139

This patch adds the function plat_match_rotpk() to the platform
porting layer to provide a Root Of Trust Public key (ROTPK)
verification mechanism. This function is called during the
Trusted Board Boot process and receives a supposed valid copy
of the ROTPK as a parameter, usually obtained from an external
source (for instance, a certificate). It returns 0 (success) if
that key matches the actual ROTPK stored in the system or any
other value otherwise.

The mechanism to access the actual ROTPK stored in the system
is platform specific and should be implemented as part of this
function. The format of the ROTPK is also platform specific
(to save memory, some platforms might store a hash of the key
instead of the whole key).

TRUSTED_BOARD_BOOT build option has been added to allow the user
to enable the Trusted Board Boot features. The implementation of
the plat_match_rotpk() funtion is mandatory when Trusted Board
Boot is enabled.

For development purposes, FVP and Juno ports provide a dummy
function that returns always success (valid key). A safe trusted
boot implementation should provide a proper matching function.

Documentation updated accordingly.

Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3