GitLab

Change-Id: Ib6a20ffdddad11b9629d7dca7f841182299bf860
Signed-off-by: Paul Beesley <paul.beesley@arm.com>

PIE: Fix reloc at the beginning of bl31 entrypoint

The relocation fixup code must be called at the beginning of bl31
entrypoint to ensure that CPU specific reset handlers are fixed up for
relocations.

Change-Id: Icb04eacb2d4c26c26b08b768d871d2c82777babb
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

driver: synosys: Fix SD MMC not initializing correctly

dw_params.mmc_dev_type should be assigned before mmc_init, otherwise SDMMC
initialization will fail as the initialization treats the device as EMMC
instead of SD.
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>

ROMLIB bug fixes

Fixed the below bugs:
1) Bug related to build flag V=1: if the flag was V=0, building with
ROMLIB would fail.
2) Due to a syntax bug in genwrappers.sh, index file entries marked as
"patch" or "reserved" were ignored.
3) Added a prepending hash to constants that genwrappers is generating.
4) Due to broken dependencies, currently the inclusion functionality is
intentionally not utilised. This is why the contents of romlib/jmptbl.i
have been copied to platform specific jmptbl.i files. As a result of the
broken dependencies, when changing the index files, e.g. patching
functions, a clean build is always required. This is a known issue that
will be fixed in the future.

Change-Id: I9d92aa9724e86d8f90fcd3e9f66a27aa3cab7aaa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Add USE_ROMLIB build option to user guide

Cortex-A76: Optimize CVE_2018_3639 workaround

Restore PAuth context in case of unknown SMC call

xlat_tables_v2: Revert recent changes to remove recursion

This commit reverts the following commits:

- c54c7fc3 ("xlat_tables_v2: print xlat tables without recursion")
- db8cac2d ("xlat_tables_v2: unmap region without recursion.")
- 0ffe2692

 ("xlat_tables_v2: map region without recursion.")

This was part of PR#1843.

A problem has been detected in one of our test run configurations
involving dynamic mapping of regions and it is blocking the next
release. Until the problem can be solved, it is safer to revert
the changes.

Change-Id: I3d5456e4dbebf291c8b74939c6fb02a912e0903b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Change-Id: I4261fec500184383980b7fc9475620a485cf6c28
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Fix MIDR_EL1 value for Neoverse E1

Declare ENABLE_PAUTH build option as experimental

Change-Id: I8fb346743b7afddbb8bf5908db4f27ee5a26f99b
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Declare ENABLE_PAUTH and CTX_INCLUDE_PAUTH_REGS
build options as experimental.
Pointer Authentication is enabled for Non-secure world
irrespective of the value of these build flags if the
CPU supports it.
The patch also fixes the description of fiptool 'help' command.

Change-Id: I46de3228fbcce774a2624cd387798680d8504c38
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Pointer authentication fixes

Change-Id: I75ee39d78c81ecb528a671c0cfadfc2fe7b5d818
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

rockchip: add an fdt parsing stub for platform param

Introduce preliminary support for Neoverse Zeus

Apply variant 4 mitigation for Neoverse N1

Update documentation for mbed TLS v2.16

fvp: Increase the size of the stack for FVP

The Rockchip ATF platform can be entered from both Coreboot and U-Boot.
While Coreboot does submit the list of linked parameter structs as
platform param, upstream u-boot actually always provides a pointer
to a devicetree as parameter.
This results in current ATF not running at all when started from U-Boot.

To fix this, add a stub that checks if the parameter is a fdt so we
can at least boot and not get stuck. Later on we can extend this with
actual parsing of information from the devicetree.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>

When RECLAIM_INIT_CODE is 1, the stack is used to contain the .text.init
section. This is by default enable on FVP. Due to the size increase of
the .text.init section, the stack had to be adjusted contain it.

Change-Id: Ia392341970fb86c0426cf2229b1a7295453e2e32
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Change-Id: I1854b5830dbd48e909a4ce1b931c13fb3e997600
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

The dummy implementation of the plat_init_apiakey() platform API uses
an internal 128-bit buffer to store the initial key value used for
Pointer Authentication support.

The intent - as stated in the file comments - was for this buffer to
be write-protected by the MMU. Initialization of the buffer would be
performed before enabling the MMU, thus bypassing write protection
checks.

However, the key buffer ended up into its own read-write section by
mistake due to a typo on the section name ('rodata.apiakey' instead of
'.rodata.apiakey', note the leading dot). As a result, the linker
script was not pulling it into the .rodata output section.

One way to address this issue could have been to fix the section
name. However, this approach does not work well for BL1. Being the
first image in the boot flow, it typically is sitting in real ROM
so we don't have the capacity to update the key buffer at any time.

The dummy implementation of plat_init_apiakey() provided at the moment
is just there to demonstrate the Pointer Authentication feature in
action. Proper key management and key generation would have to be a
lot more careful on a production system.

Therefore, the approach chosen here to leave the key buffer in
writable memory but move it to the BSS section. This does mean that
the key buffer could be maliciously updated for intalling unintended
keys on the warm boot path but at the feature is only at an
experimental stage right now, this is deemed acceptable.

Change-Id: I121ccf35fe7bc86c73275a4586b32d4bc14698d6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Instruction key A was incorrectly restored in the instruction key B
registers.

Change-Id: I4cb81ac72180442c077898509cb696c9d992eda3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Change-Id: If56d1e200a31bd716726d7fdc1cc0ae8a63ba3ee
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

This patch applies the new MSR instruction to directly set the
PSTATE.SSBS bit which controls speculative loads. This new instruction
is available at Neoverse N1 core so it's utilised.

Change-Id: Iee18a8b042c90fdb72d2b98f364dcfbb17510728
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Switched from a static check to a runtime assert to make sure a
workaround is implemented for CVE_2018_3639.

This allows platforms that know they have the SSBS hardware workaround
in the CPU to compile out code under DYNAMIC_WORKAROUND_CVE_2018_3639.

The gain in memory size without the dynamic workaround is 4KB in bl31.

Change-Id: I61bb7d87c59964b0c7faac5d6bc7fc5c4651cbf3
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Change-Id: I6adf7c14e8a974a7d40d51615b5e69eab1a7436f
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

refact the imx8m common code and add the imx8mm support

Apply workarounds for errata of Cortex-A17

Change-Id: I3a101e540f0b134ecf9a51fa3d7d8e3d0369b297
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Change-Id: Ic3004fc43229d63c5a59ca74c1837fb0604e1f33
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Allow setting compiler's target architecture

Apply workarounds for errata of Cortex-A15

Minor doc fixes