GitLab

This patch adds capability to FVP to disable authentication dynamically
via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
the TB_FW_CONFIG for the `disable_auth` property and invokes the
`load_dyn_disable_auth()` API to disable authentication if the
property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
FVP as it is a development platform. Note that the TB_FW_CONFIG has to
be authenticated by BL1 irrespective of these settings.

The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
rather than in bl2_platform_setup() as we need to get the value of
`disable_auth` property prior to authentication of any image by BL2.

Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build flag and is only meant for development
purposes.

Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

Xilinx platform mangement related changes

Fix support for systems without secure interrupts

for rk3399 suspend/resume

This patch adds support to restart system incase of wdt
timeout.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

The vcu disable bit in efuse ipdisable register is valid
only if PL powered up so, consider PL powerup status for
determing EG/EV part. If PL is not powered up, display
EG/EV as a part of string. The PL powerup status will
be filled by pmufw based on PL PROGB status in the
9th bit of version field.This patch also used IPI
to get this info from pmufw instead of directly accessing
the registers. Accessing this info from pmufw using
IPI fixes the issue of PMUFW access denied error for
reading IPDISABLE register.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>

This patch adds new API for processing secure images. This API
is used for authentication and decryption of secure images using
xilsecure in pmufw.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

Existing code blocks each IPI send request in ipi_mb_notify()
function till pmu clears respective bit in ipi observation
register.

After sending PM_SYSTEM_SHUTDOWN request to PMU, PMU will
restart APU. While PMU is restarting APU, ATF is running out
of OCM, which can cause read/write hang from/to OCM.
There is no need to wait for notification from PMU in case
of SystemShutdown request in ATF, as APU is going to restart.

This patch fixes APU only restart issue.
Signed-off-by: Tejas Patel <tejasp@xilinx.com>
Acked-by: Wendy Liang <wendy.liang@xilinx.com>

This patch makes bitstream load blocking call and waits until
bitstream is loaded successfully or return with error.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Tested-by: Avesh Khan <aveshk@xilinx.com>

GET_CALLBACK_DATA function is not required now. IPI mailbox
can be used instead of GET_CALLBACK_DATA function.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

PMU IPI-1 is used for callbacks from PMU to master. Unsecure
master can also receive callbacks from PMU, so make PMU IPI-1
as non-secure.

All requests from master(s) to PMU would still go on PMU IPI-1
secure channel.
Signed-off-by: Rajan Vaja <rajanv@xilinx.com>

Remove includes of gic_common.h and string.h which
are not required.
Signed-off-by: Rajan Vaja <rajanv@xilinx.com>
Acked-by: Jolly Shah <jollys@xilinx.com>

Xilinx now requires the PMU FW when using ATF, so it doesn't make sense
to maintain checks for the PMU FW in ATF. This also means that cases
where ATF came up before the PMU FW (such as on QEMU) ATF will now hang
waiting for the PMU FW instead of aborting.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>

Use positive logic (pm_up instead of pm_down) to check whether PMU
services are available. This change also puts the variable into the
BSS section rather than the Data section as the variable is now
initialized to 0 rather than 1.
Signed-off-by: Will Wong <WILLW@xilinx.com>
Signed-off-by: Stefan Krsmanovic <stefan.krsmanovic@aggios.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

If we can't find the FSBL handoff struct don't panic and just use the
defaults instead.

We still print a warning to the user to let them know what we couldn't
find it.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>

Instead of calling panic() in fsbl_atf_handover() return the error
status so that bl31_early_platform_setup() can act accordingly.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

Type "entry_point_info_t" is used in zynqmp_private.h. It is defined
in "bl_common.h". The header file which defines the type should be
included.
Signed-off-by: Wendy Liang <jliang@xilinx.com>

Added SHA to calculate SHA3 hash,RSA to encrypt data with
public key and decrypt with private key and AES to do symmetric
encryption with User key or device key.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

Read ipdisable reg which needs to be used for cg/eg/ev device detection.
ATF runs in EL3 that's why this read can be done directly.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

Add new id codes for RFSoC's.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

This patch corrects the SVD mask for getting chip ID
using 0xe is wrong and 0x7 is correct.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>

psci system_reset and system_off calls now retrieve shutdown scope on
the fly. The default scope is system, but it can be changed by calling
pm_system_shutdown(2, scope)

Until full support for different restart scopes becomes available with
PSCI 1.1 this change allows users to set the reboot scope to match
their application needs.

Possible scope values:
0 - APU subsystem: does not affect RPU, PMU or PL
1 - PS only: shutdown/restart entire PS without affecting PL
2 - System: shutdown/restart applies to entire system
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Signed-off-by: Davorin Mista <davorin.mista@aggios.com>

The PM_INIT_FINALIZE PM API is required to inform the PFW that APU is
done with requesting nodes and that not-requested nodes can be powered
down. If PM is not enabled, this call will never be made and PFW will
never power down any of the nodes which APU can use.
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>

Signed-off-by: Filip Drazic <filip.drazic@aggios.com>

This patch adds pm_secure_rsaaes() API to provide access to
the xilsecure library for loading secure images
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

Read boot mode register using pm_mmio_read if pmu is
present otherwise access it directly using mmio_read_32().
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>

The pm_req_wakeup PM API accepts start address (64-bit unsiged integer)
and a flag stating if address should be used. To save an argument
of the SMC call, flag is encoded in the LSB of the address, since
addresses are word aligned.
Decode start address and use-address flag in the PM SMC handler and
pass them to pm_req_wakeup.
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
Acked-by: Will Wong <willw@xilinx.com>

Call to pm_client_wakeup from pm_req_wakeup prevented the PM API
call to be used to wake up non-APU processor (e.g. from higher ELs),
since it clears power down request for specified APU processor.
Move this function out of pm_client_wakeup to allow passing wake up
requests to the PMU for other processor in the system.
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
Acked-by: Will Wong <willw@xilinx.com>

NODE_EXTERN is the slave node which represents an external wake
source.
Signed-off-by: Mirela Simonovic <mirela.simonovic@aggios.com>
Acked-by: Will Wong <willw@xilinx.com>

Beside standard suspend-to-RAM state, Zynq MPSoC supports
suspend-to-RAM state with additional power savings, called
power-off suspend-to-RAM. If this mode is set, only NODE_EXTERN
must be set as wake source. Standard suspend-to-RAM procedure
is unchanged.

This patch adds support for setting suspend mode from higher
ELs and ensuring that all conditions for power-off suspend mode
are set.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>

pm_get_node_status API function returns 3 values:
-status: Current power state of the node
-requirements: Current requirements for the node
-usage: Current usage of the node
The last two values only apply to slave nodes.
Signed-off-by: Anes Hadziahmetagic <anes.hadziahmetagic@aggios.com>
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
Acked-by: Will Wong <willw@xilinx.com>

Sgi575/core pos calc

SPM: Do not trap S-EL0 access to SVE/SIMD/FP regs

Fix doc for bl31_plat_get_next_image_ep_info()

plat/arm: Introduce ARM_LINUX_KERNEL_AS_BL33 build option

CVE-2017-5715 mitigation for Denver CPUs

The MT bit in MPIDR is always set for SGI platforms and so the
core position calculation code is updated to take into account
the thread affinity value as well.

Change-Id: I7b2a52707f607dc3859c6bbcd2b145b7987cb4ed
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Vishwanatha HG <vishwanatha.hg@arm.com>

Instead of instantiating a local copy of GICv3 driver data for SGI
platforms, reuse the existing instance of GICv3 driver data available
in the arm common platform code.

Change-Id: If6f38e15d1f0e20cea96fff98091da300015d295
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Vishwanatha HG <vishwanatha.hg@arm.com>

Flush the indirect branch predictor and RSB on entry to EL3 by issuing
a newly added instruction for Denver CPUs. Support for this operation
can be determined by comparing bits 19:16 of ID_AFR0_EL1 with 0b0001.

To achieve this without performing any branch instruction, a per-cpu
vbar is installed which executes the workaround and then branches off
to the corresponding vector entry in the main vector table. A side
effect of this change is that the main vbar is configured before any
reset handling. This is to allow the per-cpu reset function to override
the vbar setting.

Change-Id: Ief493cd85935bab3cfee0397e856db5101bc8011
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>