GitLab

Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.

Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>

Fix to change.log

With the migration to .rst from .md, the Issues Resolved and
Known Issues sections for v1.4 were using Header 1 format.

This patch changes to using Header 2 for these sections.

Change-Id: Ic3127d84eb169a65039fd4cc8284c6429302732d
Signed-off-by: David Cunado <david.cunado@arm.com>

Fix order of #includes

fiptool: remove local directory from the header search path

lib: psci: early suspend handler for platforms

hikey: Disable VBUS_DET interrupt for PMIC

Fix sign of variable in xlat_tables_print()

This patch changes the sign of the loop variable used in
xlat_tables_print(). It needs to be unsigned because it is compared
against another unsigned int.

Change-Id: I2b3cee7990dd75e8ebd2701de3860ead7cad8dc8
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

This patch implements the early suspend handler for Tegra SoCs. This
handler is empty for now and the actual support for a particular platform
would be added later.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

This patch adds an early suspend handler, that executes with
SMP and data cache enabled. This handler allows platforms to
perform any early actions during the CPU suspend entry sequence.

This handler is optional and platforms can choose to implement it
depending on their needs. The `pwr_domain_suspend` handler still
exists and platforms can keep on using it without any side effects.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

Add doc for some Cortex A53 errata workarounds

Translation table library v2 improvements

Fix alphabetic ordering

This fix modifies the order of system includes to meet the ARM TF coding
standard whilst retaining header groupings.

Change-Id: Ib91968f8e2cac9e96033d73d3ad9d0a2ae228b13
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>

Fix CSS UART clock value

Address edge case for stale PSCI CPU data in cache

All local headers in tools/fiptool are included by #include "..."
notation instead of #include <...>, so there is no need to add the
local directory to to the header search path.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Reorganise CSS SCP bootloader layer

Use standard UNIX file:line format in assert

There is a theoretical edge case during CPU_ON where the cache
may contain stale data for the target CPU data - this can occur
under the following conditions:

- the target CPU is in another cluster from the current
- the target CPU was the last CPU to shutdown on its cluster
- the cluster was removed from coherency as part of the CPU shutdown

In this case the cache maintenace that was performed as part of the
target CPUs shutdown was not seen by the current CPU's cluster. And
so the cache may contain stale data for the target CPU.

This patch adds a cache maintenance operation (flush) for the
cache-line containing the target CPU data - this ensures that the
target CPU data is read from main memory.

Change-Id: If8cfd42639b03174f60669429b7f7a757027d0fb
Signed-off-by: David Cunado <david.cunado@arm.com>

At the moment, various parts of the Trusted Firmware code assume
that the granule size used is 4 KB. For example, the linker scripts
enforce 4 KB alignment restrictions on some sections.

However, the ARMv8-A architecture allows 16 KB and 64 KB granule
sizes as well. Some other parts of the TF code, particularly the
architectural code and definitions, have been implemented with
this in mind and cater for all 3 cases.

This discrepancy creates some confusion as to what is effectively
supported in TF. This patch adds some code comments and clarification
in the documentation to make this limitation clearer.

Change-Id: I1f202369b240d8bed9d43d57ecd2a548c86c8598
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Fix the type length and signedness of some of the constants and
variables used in the translation table library.

This patch supersedes Pull Request #1018:
https://github.com/ARM-software/arm-trusted-firmware/pull/1018



Change-Id: Ibd45faf7a4fb428a0bf71c752551d35800212fb2
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

When using __builtin_ctzll() in AArch32 code, the compiler may translate
that into a call to the __ctzdi2() function. In this case, the linking
phase fails because TF doesn't provide an implementation for it.

This patch imports the implementation of the __ctzdi2() function from
LLVM's compiler-rt project and hooks it into TF's build system. The
ctzdi2.c file is an unmodified copy from the master branch as of
July 19 2017 (SVN revision: 308480).

Change-Id: I96766a025ba28e1afc6ef6a5c4ef91d85fc8f32b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Previous patches have made it possible to specify the physical and
virtual address spaces sizes for each translation context. However,
there are still some places in the code where the physical (resp.
virtual) address space size is assumed to be PLAT_PHY_ADDR_SPACE_SIZE
(resp. PLAT_VIRT_ADDR_SPACE_SIZE).

This patch removes them and reads the relevant address space size
from the translation context itself instead. This information is now
passed in argument to the enable_mmu_arch() function, which needs it
to configure the TCR_ELx.T0SZ field (in AArch64) or the TTBCR.T0SZ
field (in AArch32) appropriately.

Change-Id: I20b0e68b03a143e998695d42911d9954328a06aa
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

This patch refactors both the AArch32 and AArch64 versions of the
function enable_mmu_arch().

In both versions, the code now computes the VMSA-related system
registers upfront then program them in one go (rather than interleaving
the 2).

In the AArch64 version, this allows to reduce the amount of code
generated by the C preprocessor and limits it to the actual differences
between EL1 and EL3.

In the AArch32 version, this patch also removes the function
enable_mmu_internal_secure() and moves its code directly inside
enable_mmu_arch(), as it was its only caller.

Change-Id: I35c09b6db4404916cbb2e2fd3fda2ad59f935954
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

In both the AArch32 and AArch64 versions, this function used to check
the sanity of the PLAT_PHY_ADDR_SPACE_SIZE in regard to the
architectural maximum value. Instead, export the
xlat_arch_get_max_supported_pa() function and move the debug
assertion in AArch-agnostic code.

The AArch64 used to also precalculate the TCR.PS field value, based
on the size of the physical address space. This is now done directly
by enable_mmu_arch(), which now receives the physical address space size
in argument.

Change-Id: Ie77ea92eb06db586f28784fdb479c6e27dd1acc1
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

In a previous patch, the xlat_ctx_t type has been made public.
This patch now makes the *_ctx() APIs public.

Each API now has a *_ctx() variant. Most of them were already implemented
and this patch just makes them public. However, some of them were missing
so this patch introduces them.

Now that all these APIs are public, there's no good reason for splitting
them accross 2 files (xlat_tables_internal.c and xlat_tables_common.c).
Therefore, this patch moves all code into xlat_tables_internal.c and
removes xlat_tables_common.c. It removes it from the library's makefile
as well.

This last change introduces a compatibility break for platform ports
that specifically include the xlat_tables_common.c file instead of
including the library's Makefile. The UniPhier platform makefile has
been updated to now omit this file from the list of source files.

The prototype of mmap_add_region_ctx() has been slightly changed. The
mmap_region_t passed in argument needs to be constant because it gets
called from map_add(), which receives a constant region. The former
implementation of mmap_add() used to cast the const qualifier away,
which is not a good practice.

Also remove init_xlation_table(), which was a sub-function of
init_xlat_tables(). Now there's just init_xlat_tables() (and
init_xlat_tables_ctx()). Both names were too similar, which was
confusing. Besides, now that all the code is in a single file,
it's no longer needed to have 2 functions for that.

Change-Id: I4ed88c68e44561c3902fbebb89cb197279c5293b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

After disconnect Jumper pin 1-2 in J15 header, the signal VBUS_DET is to
be pulled down to low level. This will assert the interrupt signal in
PMIC and trigger IRQ in GIC; the asserted signal from VBUS_DET is level
triggered and kernel reports the warning for unhooked interrupt handling;
and VBUS_DET stays with low level, this triggers IRQ storm in kernel.

This patch is to disable interrupt for VBUS_DET in PMIC, this can
dismiss the verbose log and IRQ storm after kernel booting.

[   40.835279] irq 57: nobody cared (try booting with the "irqpoll" option)
[   40.842075] CPU: 0 PID: 980 Comm: irq/57-hi655x-p Not tainted 4.4.77-568944-g576a0114dec8-dirty #667
[   40.851303] Hardware name: HiKey Development Board (DT)
[   40.856580] Call trace:
[   40.859060] [<ffffff800808c4cc>] dump_backtrace+0x0/0x1e0
[   40.864516] [<ffffff800808c8ac>] show_stack+0x20/0x28
[   40.869622] [<ffffff80084b9688>] dump_stack+0xa8/0xe0
[   40.874729] [<ffffff800812dd5c>] __report_bad_irq+0x40/0xec
[   40.880360] [<ffffff800812e0bc>] note_interrupt+0x1e4/0x2d8
[   40.885992] [<ffffff800812b11c>] handle_irq_event_percpu+0xd8/0x268
[   40.892324] [<ffffff800812b2f8>] handle_irq_event+0x4c/0x7c
[   40.897955] [<ffffff800812ecbc>] handle_level_irq+0xcc/0x178
[   40.903672] [<ffffff800812a778>] generic_handle_irq+0x34/0x4c
[   40.909481] [<ffffff80085074c8>] pl061_irq_handler+0xa8/0x124
[   40.915286] [<ffffff800812a778>] generic_handle_irq+0x34/0x4c
[   40.921092] [<ffffff800812a820>] __handle_domain_irq+0x90/0xf8
[   40.926985] [<ffffff8008082620>] gic_handle_irq+0x58/0xa8
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Leo Yan <leo.yan@linaro.org>

Clarify third party license info in readme

At the moment, the translation context type (xlat_ctx_t) is a private
type reserved for the internal usage of the translation table library.
All exported APIs (implemented in xlat_tables_common.c) are wrappers
over the internal implementations that use such a translation context.

These wrappers unconditionally pass the current translation context
representing the memory mappings of the executing BL image. This means
that the caller has no control over which translation context the
library functions act on.

As a first step to make this code more flexible, this patch exports
the 'xlat_ctx_t' type. Note that, although the declaration of this type
is now public, its definition stays private. A macro is introduced to
statically allocate and initialize such a translation context.

The library now internally uses this macro to allocate the default
translation context for the running BL image.

Change-Id: Icece1cde4813fac19452c782b682c758142b1489
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Move the header files that provide translation tables architectural
definitions from the library v2 source files to the library include
directory. This allows to share these definitions between both
versions (v1 and v2) of the library.

Create a new header file that includes the AArch32 or AArch64
definitions based on the AARCH32 build flag, so that the library user
doesn't have to worry about handling it on their side.

Also repurpose some of the definitions the header files provide to
concentrate on the things that differ between AArch32 and AArch64.
As a result they now contain the following information:
 - the first table level that allows block descriptors;
 - the architectural limits of the virtual address space;
 - the initial lookup level to cover the entire address space.

Additionally, move the XLAT_TABLE_LEVEL_MIN macro from
xlat_tables_defs.h to the AArch32/AArch64 architectural definitions.

This new organisation eliminates duplicated information in the AArch32
and AArch64 versions. It also decouples these architectural files from
any platform-specific information. Previously, they were dependent on
the address space size, which is platform-specific.

Finally, for the v2 of the library, move the compatibility code for
ADDR_SPACE_SIZE into a C file as it is not needed outside of this
file. For v1, this code hasn't been changed and stays in a header
file because it's needed by several files.

Change-Id: If746c684acd80eebf918abd3ab6e8481d004ac68
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

The DEVICE2 memory range is needed to access the Root of Trust Public
Key registers. This is not needed when Trusted Board Boot is disabled
so it's safer to not map it in this case. This also saves one level-2
page table in each of BL1 and BL2 images.

Also add some comments.

Change-Id: I67456b44f3fd5e145f6510a8499b7fdf720a7273
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

This patch adds some debug prints to display some statistics about page
tables usage. They are printed only if the LOG_LEVEL is at least 50
(i.e. VERBOSE).

Sample output for BL1:

VERBOSE:    Translation tables state:
VERBOSE:      Max allowed PA:  0xffffffff
VERBOSE:      Max allowed VA:  0xffffffff
VERBOSE:      Max mapped PA:   0x7fffffff
VERBOSE:      Max mapped VA:   0x7fffffff
VERBOSE:      Initial lookup level: 1
VERBOSE:      Entries @initial lookup level: 4
VERBOSE:      Used 4 sub-tables out of 5 (spare: 1)

Change-Id: If38956902e9616cdcd6065ecd140fe21482597ea
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Fixes ARM-software/tf-issues#479

Change-Id: Iadbde2595ad6a0ac3988d17e614c698986959277
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

Add documentation for errata 835769 and 843419 workarounds introduced in
commit a94cc374



Fixes ARM-software/tf-issues#504

Change-Id: I7f3db53dfc5f3827b32663f483d3302bc9679b19
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

Commit d832aee9

, which added SPE support, got the alphabetical ordering
wrong for documentation and Makefile addition. This patch fixes that.

Change-Id: I061ecfba4db363902c9d7d577d2ce6c612cb9e1d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Fix order of includes

On ARM CSS platforms, the SCP_BL2/2U image is loaded below
BL1 read-write data. This same memory is used to load BL31
later on. But sufficient checks were not done to ensure that the
SCP_BL2 would not overwrite BL1 rw data. This patch adds the
required CASSERT checks to prevent overwrite into BL1 or BL2
memory by load of SCP_BL2/2U. Also the size of BL31 is increased
and SCP_BL2/2U size is decreased to accomodate it within the
allocated region.

Change-Id: I23b28b5e1589e91150852a06452bd52b273216ee
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

The SCP_BL2 is transferred to SCP during BL2 image load and authenticate
sequence. The Boot-Over-MHU (BOM) protocol is used as transport for this. After
the SCP boots using the transferred image, the AP CPU waits till the `READY`
message is received from SCP. This patch separates the API for transport of
image from the wait for `READY` message and also moves the related files to
the `css/drivers` folder. The previous API `scp_bootloader_transfer` is
renamed to `css_scp_boot_image_xfer` to reflect the css naming convention.
This reorganisation also allows easier switch to a different transport
(eg: Shared Data Structure based transfer) in future

Change-Id: I8a96f9c4616ffde6dbfdf7c18f6f6f8bfa40bbf0
Signed-off-by: Soby Mathew <soby.mathew@arm.com>