1. 20 May, 2016 1 commit
    • Antonio Nino Diaz's avatar
      Add 32 bit version of plat_get_syscnt_freq · d4486391
      Antonio Nino Diaz authored
      Added plat_get_syscnt_freq2, which is a 32 bit variant of the 64 bit
      plat_get_syscnt_freq. The old one has been flagged as deprecated.
      Common code has been updated to use this new version. Porting guide
      has been updated.
      
      Change-Id: I9e913544926c418970972bfe7d81ee88b4da837e
      d4486391
  2. 21 Apr, 2016 1 commit
    • Yatharth Kochar's avatar
      Move `plat_get_syscnt_freq()` to arm_common.c · c073fda1
      Yatharth Kochar authored
      This patch moves the definition for `plat_get_syscnt_freq()`
      from arm_bl31_setup.c to arm_common.c. This could be useful
      in case a delay timer needs to be installed based on the
      generic timer in other BLs.
      This patch also modifies the return type for this function
      from `uint64_t` to `unsigned long long` within ARM and other
      platform files.
      
      Change-Id: Iccdfa811948e660d4fdcaae60ad1d700e4eda80d
      c073fda1
  3. 01 Apr, 2016 1 commit
    • Soby Mathew's avatar
      Modify return type of plat_get_ns_image_entrypoint() · a0ad6019
      Soby Mathew authored
      This patch modifies the return type of the platform API
      `plat_get_ns_image_entrypoint()` from `unsigned long` to
      `uintptr_t` in accordance with the coding guidelines.
      
      Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca
      a0ad6019
  4. 31 Mar, 2016 1 commit
    • Juan Castillo's avatar
      TBB: add non-volatile counter support · 48279d52
      Juan Castillo authored
      This patch adds support for non-volatile counter authentication to
      the Authentication Module. This method consists of matching the
      counter values provided in the certificates with the ones stored
      in the platform. If the value from the certificate is lower than
      the platform, the boot process is aborted. This mechanism protects
      the system against rollback.
      
      The TBBR CoT has been updated to include this method as part of the
      authentication process. Two counters are used: one for the trusted
      world images and another for the non trusted world images.
      
      ** NEW PLATFORM APIs (mandatory when TBB is enabled) **
      
      int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
      
          This API returns the non-volatile counter value stored
          in the platform. The cookie in the first argument may be
          used to select the counter in case the platform provides
          more than one (i.e. TBSA compliant platforms must provide
          trusted and non-trusted counters). This cookie is specified
          in the CoT.
      
      int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
      
          This API sets a new counter value. The cookie may be
          used to select the counter to be updated.
      
      An implementation of these new APIs for ARM platforms is also
      provided. The values are obtained from the Trusted Non-Volatile
      Counters peripheral. The cookie is used to pass the extension OID.
      This OID may be interpreted by the platform to know which counter
      must return. On Juno, The trusted and non-trusted counter values
      have been tied to 31 and 223, respectively, and cannot be modified.
      
      ** IMPORTANT **
      
      THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
      NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
      ORDER TO SUCCESSFULLY BUILD TF.
      
      Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
      48279d52
  5. 14 Mar, 2016 1 commit
    • Antonio Nino Diaz's avatar
      Remove all non-configurable dead loops · 1c3ea103
      Antonio Nino Diaz authored
      Added a new platform porting function plat_panic_handler, to allow
      platforms to handle unexpected error situations. It must be
      implemented in assembly as it may be called before the C environment
      is initialized. A default implementation is provided, which simply
      spins.
      
      Corrected all dead loops in generic code to call this function
      instead. This includes the dead loop that occurs at the end of the
      call to panic().
      
      All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have
      been removed.
      
      Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
      1c3ea103
  6. 22 Feb, 2016 1 commit
    • Yatharth Kochar's avatar
      Fix the inconsistencies in bl1_tbbr_image_descs[] · 843ddee4
      Yatharth Kochar authored
      This patch fixes inconsistencies in bl1_tbbr_image_descs[]
      and miscellaneous fixes in Firmware Update code.
      
      Following are the changes:
      * As part of the original FWU changes, a `copied_size`
        field was added to `image_info_t`. This was a subtle binary
        compatibility break because it changed the size of the
        `bl31_params_t` struct, which could cause problems if
        somebody used different versions of BL2 or BL31, one with
        the old `image_info_t` and one with the new version.
        This patch put the `copied_size` within the `image_desc_t`.
      * EXECUTABLE flag is now stored in `ep_info.h.attr` in place
        of `image_info.h.attr`, associating it to an entrypoint.
      * The `image_info.image_base` is only relevant for secure
        images that are copied from non-secure memory into secure
        memory. This patch removes initializing `image_base` for
        non secure images in the bl1_tbbr_image_descs[].
      * A new macro `SET_STATIC_PARAM_HEAD` is added for populating
        bl1_tbbr_image_descs[].ep_info/image_info.h members statically.
        The version, image_type and image attributes are now
        populated using this new macro.
      * Added PLAT_ARM_NVM_BASE and PLAT_ARM_NVM_SIZE to avoid direct
        usage of V2M_FLASH0_XXX in plat/arm/common/arm_bl1_fwu.c.
      * Refactoring of code/macros related to SECURE and EXECUTABLE flags.
      
      NOTE: PLATFORM PORTS THAT RELY ON THE SIZE OF `image_info_t`
            OR USE the "EXECUTABLE" BIT WITHIN `image_info_t.h.attr`
            OR USE THEIR OWN `image_desc_t` ARRAY IN BL1, MAY BE
            BROKEN BY THIS CHANGE. THIS IS CONSIDERED UNLIKELY.
      
      Change-Id: Id4e5989af7bf0ed263d19d3751939da1169b561d
      843ddee4
  7. 14 Jan, 2016 1 commit
  8. 15 Dec, 2015 1 commit
    • Dan Handley's avatar
      FWU: Pass client cookie to FWU_SMC_UPDATE_DONE · 1f37b944
      Dan Handley authored
      The current FWU_SMC_UPDATE_DONE implementation incorrectly passes
      an unused framework cookie through to the 1st argument in the
      platform function `bl1_plat_fwu_done`. The intent is to allow
      the SMC caller to pass a cookie through to this function.
      
      This patch fixes FWU_SMC_UPDATE_DONE to pass x1 from the caller
      through to `bl1_plat_fwu_done`. The argument names are updated
      for clarity.
      
      Upstream platforms currently do not use this argument so no
      impact is expected.
      
      Change-Id: I107f4b51eb03e7394f66d9a534ffab1cbc09a9b2
      1f37b944
  9. 14 Dec, 2015 2 commits
    • Juan Castillo's avatar
      Remove dashes from image names: 'BL3-x' --> 'BL3x' · d178637d
      Juan Castillo authored
      This patch removes the dash character from the image name, to
      follow the image terminology in the Trusted Firmware Wiki page:
      
          https://github.com/ARM-software/arm-trusted-firmware/wiki
      
      Changes apply to output messages, comments and documentation.
      
      non-ARM platform files have been left unmodified.
      
      Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
      d178637d
    • Juan Castillo's avatar
      Replace all SCP FW (BL0, BL3-0) references · f59821d5
      Juan Castillo authored
      This patch replaces all references to the SCP Firmware (BL0, BL30,
      BL3-0, bl30) with the image terminology detailed in the TF wiki
      (https://github.com/ARM-software/arm-trusted-firmware/wiki):
      
          BL0          -->  SCP_BL1
          BL30, BL3-0  -->  SCP_BL2
          bl30         -->  scp_bl2
      
      This change affects code, documentation, build system, tools and
      platform ports that load SCP firmware. ARM plaforms have been
      updated to the new porting API.
      
      IMPORTANT: build option to specify the SCP FW image has changed:
      
          BL30 --> SCP_BL2
      
      IMPORTANT: This patch breaks compatibility for platforms that use BL2
      to load SCP firmware. Affected platforms must be updated as follows:
      
          BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
          BL30_BASE --> SCP_BL2_BASE
          bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
          bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
      
      Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
      f59821d5
  10. 09 Dec, 2015 4 commits
    • Yatharth Kochar's avatar
      FWU: Add Generic BL2U FWU image support in BL2 · 9003fa0b
      Yatharth Kochar authored
      The Firmware Update (FWU) feature needs support for an optional
      secure world image, BL2U, to allow additional secure world
      initialization required by FWU, for example DDR initialization.
      
      This patch adds generic framework support to create BL2U.
      
      NOTE: A platform makefile must supply additional `BL2U_SOURCES`
            to build the bl2u target. A subsequent patch adds bl2u
            support for ARM platforms.
      
      Change-Id: If2ce036199bb40b39b7f91a9332106bcd4e25413
      9003fa0b
    • Yatharth Kochar's avatar
      FWU: Add Generic Firmware Update framework support in BL1 · 48bfb88e
      Yatharth Kochar authored
      Firmware update(a.k.a FWU) feature is part of the TBB architecture.
      BL1 is responsible for carrying out the FWU process if platform
      specific code detects that it is needed.
      
      This patch adds support for FWU feature support in BL1 which is
      included by enabling `TRUSTED_BOARD_BOOT` compile time flag.
      
      This patch adds bl1_fwu.c which contains all the core operations
      of FWU, which are; SMC handler, image copy, authentication, execution
      and resumption. It also adds bl1.h introducing #defines for all
      BL1 SMCs.
      
      Following platform porting functions are introduced:
      
      int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
      unsigned int flags);
      	This function can be used to add platform specific memory checks
      	for the provided base/size for the given security state.
      	The weak definition will invoke `assert()` and return -ENOMEM.
      
      __dead2 void bl1_plat_fwu_done(void *cookie, void *reserved);
      	This function can be used to initiate platform specific procedure
      	to mark completion of the FWU process.
      	The weak definition waits forever calling `wfi()`.
      
      plat_bl1_common.c contains weak definitions for above functions.
      
      FWU process starts when platform detects it and return the image_id
      other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in
      `bl1_main()`.
      
      NOTE: User MUST provide platform specific real definition for
      bl1_plat_mem_check() in order to use it for Firmware update.
      
      Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed
      48bfb88e
    • Yatharth Kochar's avatar
      Add descriptor based image management support in BL1 · 7baff11f
      Yatharth Kochar authored
      As of now BL1 loads and execute BL2 based on hard coded information
      provided in BL1. But due to addition of support for upcoming Firmware
      Update feature, BL1 now require more flexible approach to load and
      run different images using information provided by the platform.
      
      This patch adds new mechanism to load and execute images based on
      platform provided image id's. BL1 now queries the platform to fetch
      the image id of the next image to be loaded and executed. In order
      to achieve this, a new struct image_desc_t was added which holds the
      information about images, such as: ep_info and image_info.
      
      This patch introduces following platform porting functions:
      
      unsigned int bl1_plat_get_next_image_id(void);
      	This is used to identify the next image to be loaded
      	and executed by BL1.
      
      struct image_desc *bl1_plat_get_image_desc(unsigned int image_id);
      	This is used to retrieve the image_desc for given image_id.
      
      void bl1_plat_set_ep_info(unsigned int image_id,
      struct entry_point_info *ep_info);
      	This function allows platforms to update ep_info for given
      	image_id.
      
      The plat_bl1_common.c file provides default weak implementations of
      all above functions, the `bl1_plat_get_image_desc()` always return
      BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return
      BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns.
      These functions gets compiled into all BL1 platforms by default.
      
      Platform setup in BL1, using `bl1_platform_setup()`, is now done
      _after_ the initialization of authentication module. This change
      provides the opportunity to use authentication while doing the
      platform setup in BL1.
      
      In order to store secure/non-secure context, BL31 uses percpu_data[]
      to store context pointer for each core. In case of BL1 only the
      primary CPU will be active hence percpu_data[] is not required to
      store the context pointer.
      
      This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to
      store the context and context pointers respectively. It also also
      re-defines cm_get_context() and cm_set_context() for BL1 in
      bl1/bl1_context_mgmt.c.
      
      BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime
      environment, to support resuming execution from a previously saved
      context.
      
      NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS
            NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE
            THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()`
            INSTEAD TO MAINTAIN EXISTING BEHAVIOUR.
      
      Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881
      7baff11f
    • Soby Mathew's avatar
      Ensure BL31 does not print to boot console by default · 78e61613
      Soby Mathew authored
      It is not ideal for BL31 to continue to use boot console at
      runtime which could be potentially uninitialized. This patch
      introduces a new optional platform porting API
      `bl31_plat_runtime_setup()` which allows the platform to perform
      any BL31 runtime setup just prior to BL31 exit during cold boot.
      The default weak implementation of this function will invoke
      `console_uninit()` which will suppress any BL31 runtime logs.
      
      On the ARM Standard platforms, there is an anomaly that
      the boot console will be reinitialized on resumption from
      system suspend in `arm_system_pwr_domain_resume()`. This
      will be resolved in the following patch.
      
      NOTE: The default weak definition of `bl31_plat_runtime_setup()`
      disables the BL31 console. To print the BL31 runtime
      messages, platforms must override this API and initialize a
      runtime console.
      
      Fixes ARM-software/tf-issues#328
      
      Change-Id: Ibaf8346fcceb447fe1a5674094c9f8eb4c09ac4a
      78e61613
  11. 24 Nov, 2015 1 commit
    • Soby Mathew's avatar
      Replace build macro WARN_DEPRECATED with ERROR_DEPRECATED · 7a24cba5
      Soby Mathew authored
      This patch changes the build time behaviour when using deprecated API within
      Trusted Firmware. Previously the use of deprecated APIs would only trigger a
      build warning (which was always treated as a build error), when
      WARN_DEPRECATED = 1. Now, the use of deprecated C declarations will always
      trigger a build time warning. Whether this warning is treated as error or not
      is determined by the build flag ERROR_DEPRECATED which is disabled by default.
      When the build flag ERROR_DEPRECATED=1, the invocation of deprecated API or
      inclusion of deprecated headers will result in a build error.
      
      Also the deprecated context management helpers in context_mgmt.c are now
      conditionally compiled depending on the value of ERROR_DEPRECATED flag
      so that the APIs themselves do not result in a build error when the
      ERROR_DEPRECATED flag is set.
      
      NOTE: Build systems that use the macro WARN_DEPRECATED must migrate to
      using ERROR_DEPRECATED, otherwise deprecated API usage will no longer
      trigger a build error.
      
      Change-Id: I843bceef6bde979af7e9b51dddf861035ec7965a
      7a24cba5
  12. 28 Oct, 2015 1 commit
    • Juan Castillo's avatar
      Add optional platform error handler API · 40fc6cd1
      Juan Castillo authored
      This patch adds an optional API to the platform port:
      
          void plat_error_handler(int err) __dead2;
      
      The platform error handler is called when there is a specific error
      condition after which Trusted Firmware cannot continue. While panic()
      simply prints the crash report (if enabled) and spins, the platform
      error handler can be used to hand control over to the platform port
      so it can perform specific bookeeping or post-error actions (for
      example, reset the system). This function must not return.
      
      The parameter indicates the type of error using standard codes from
      errno.h. Possible errors reported by the generic code are:
      
          -EAUTH  : a certificate or image could not be authenticated
                    (when Trusted Board Boot is enabled)
          -ENOENT : the requested image or certificate could not be found
                    or an IO error was detected
          -ENOMEM : resources exhausted. Trusted Firmware does not use
                    dynamic memory, so this error is usually an indication
                    of an incorrect array size
      
      A default weak implementation of this function has been provided.
      It simply implements an infinite loop.
      
      Change-Id: Iffaf9eee82d037da6caa43b3aed51df555e597a3
      40fc6cd1
  13. 13 Aug, 2015 7 commits
    • Soby Mathew's avatar
      PSCI: Add deprecated API for SPD when compatibility is disabled · 5c8babcd
      Soby Mathew authored
      This patch defines deprecated platform APIs to enable Trusted
      Firmware components like Secure Payload and their dispatchers(SPD)
      to continue to build and run when platform compatibility is disabled.
      This decouples the migration of platform ports to the new platform API
      from SPD and enables them to be migrated independently. The deprecated
      platform APIs defined in this patch are : platform_get_core_pos(),
      platform_get_stack() and platform_set_stack().
      
      The patch also deprecates MPIDR based context management helpers like
      cm_get_context_by_mpidr(), cm_set_context_by_mpidr() and cm_init_context().
      A mechanism to deprecate APIs and identify callers of these APIs during
      build is introduced, which is controlled by the build flag WARN_DEPRECATED.
      If WARN_DEPRECATED is defined to 1, the users of the deprecated APIs will be
      flagged either as a link error for assembly files or compile time warning
      for C files during build.
      
      Change-Id: Ib72c7d5dc956e1a74d2294a939205b200f055613
      5c8babcd
    • Soby Mathew's avatar
      PSCI: Switch to the new PSCI frameworks · 67487846
      Soby Mathew authored
      This commit does the switch to the new PSCI framework implementation replacing
      the existing files in PSCI folder with the ones in PSCI1.0 folder. The
      corresponding makefiles are modified as required for the new implementation.
      The platform.h header file is also is switched to the new one
      as required by the new frameworks. The build flag ENABLE_PLAT_COMPAT defaults
      to 1 to enable compatibility layer which let the existing platform ports to
      continue to build and run with minimal changes.
      
      The default weak implementation of platform_get_core_pos() is now removed from
      platform_helpers.S and is provided by the compatibility layer.
      
      Note: The Secure Payloads and their dispatchers still use the old platform
      and framework APIs and hence it is expected that the ENABLE_PLAT_COMPAT build
      flag will remain enabled in subsequent patch. The compatibility for SPDs using
      the older APIs on platforms migrated to the new APIs will be added in the
      following patch.
      
      Change-Id: I18c51b3a085b564aa05fdd98d11c9f3335712719
      67487846
    • Soby Mathew's avatar
      PSCI: Implement platform compatibility layer · 32bc85f2
      Soby Mathew authored
      The new PSCI topology framework and PSCI extended State framework introduces
      a breaking change in the platform port APIs. To ease the migration of the
      platform ports to the new porting interface, a compatibility layer is
      introduced which essentially defines the new platform API in terms of the
      old API. The old PSCI helpers to retrieve the power-state, its associated
      fields and the highest coordinated physical OFF affinity level of a core
      are also implemented for compatibility. This allows the existing
      platform ports to work with the new PSCI framework without significant
      rework. This layer will be enabled by default once the switch to the new
      PSCI framework is done and is controlled by the build flag ENABLE_PLAT_COMPAT.
      
      Change-Id: I4b17cac3a4f3375910a36dba6b03d8f1700d07e3
      32bc85f2
    • Sandrine Bailleux's avatar
      PSCI: Unify warm reset entry points · eb975f52
      Sandrine Bailleux authored
      There used to be 2 warm reset entry points:
      
       - the "on finisher", for when the core has been turned on using a
         PSCI CPU_ON call;
      
       - the "suspend finisher", entered upon resumption from a previous
         PSCI CPU_SUSPEND call.
      
      The appropriate warm reset entry point used to be programmed into the
      mailboxes by the power management hooks.
      
      However, it is not required to provide this information to the PSCI
      entry point code, as it can figure it out by itself. By querying affinity
      info state, a core is able to determine on which execution path it is.
      If the state is ON_PENDING then it means it's been turned on else
      it is resuming from suspend.
      
      This patch unifies the 2 warm reset entry points into a single one:
      psci_entrypoint(). The patch also implements the necessary logic
      to distinguish between the 2 types of warm resets in the power up
      finisher.
      
      The plat_setup_psci_ops() API now takes the
      secure entry point as an additional parameter to enable the platforms
      to configure their mailbox. The platform hooks `pwr_domain_on`
      and `pwr_domain_suspend` no longer take secure entry point as
      a parameter.
      
      Change-Id: I7d1c93787b54213aefdbc046b8cd66a555dfbfd9
      eb975f52
    • Soby Mathew's avatar
      PSCI: Add framework to handle composite power states · 8ee24980
      Soby Mathew authored
      The state-id field in the power-state parameter of a CPU_SUSPEND call can be
      used to describe composite power states specific to a platform. The current PSCI
      implementation does not interpret the state-id field. It relies on the target
      power level and the state type fields in the power-state parameter to perform
      state coordination and power management operations. The framework introduced
      in this patch allows the PSCI implementation to intepret generic global states
      like RUN, RETENTION or OFF from the State-ID to make global state coordination
      decisions and reduce the complexity of platform ports. It adds support to
      involve the platform in state coordination which facilitates the use of
      composite power states and improves the support for entering standby states
      at multiple power domains.
      
      The patch also includes support for extended state-id format for the power
      state parameter as specified by PSCIv1.0.
      
      The PSCI implementation now defines a generic representation of the power-state
      parameter. It depends on the platform port to convert the power-state parameter
      (possibly encoding a composite power state) passed in a CPU_SUSPEND call to this
      representation via the `validate_power_state()` plat_psci_ops handler. It is an
      array where each index corresponds to a power level. Each entry contains the
      local power state the power domain at that power level could enter.
      
      The meaning of the local power state values is platform defined, and may vary
      between levels in a single platform. The PSCI implementation constrains the
      values only so that it can classify the state as RUN, RETENTION or OFF as
      required by the specification:
         * zero means RUN
         * all OFF state values at all levels must be higher than all RETENTION
           state values at all levels
         * the platform provides PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE values
           to the framework
      
      The platform also must define the macros PLAT_MAX_RET_STATE and
      PLAT_MAX_OFF_STATE which lets the PSCI implementation find out which power
      domains have been requested to enter a retention or power down state. The PSCI
      implementation does not interpret the local power states defined by the
      platform. The only constraint is that the PLAT_MAX_RET_STATE <
      PLAT_MAX_OFF_STATE.
      
      For a power domain tree, the generic implementation maintains an array of local
      power states. These are the states requested for each power domain by all the
      cores contained within the domain. During a request to place multiple power
      domains in a low power state, the platform is passed an array of requested
      power-states for each power domain through the plat_get_target_pwr_state()
      API. It coordinates amongst these states to determine a target local power
      state for the power domain. A default weak implementation of this API is
      provided in the platform layer which returns the minimum of the requested
      power-states back to the PSCI state coordination.
      
      Finally, the plat_psci_ops power management handlers are passed the target
      local power states for each affected power domain using the generic
      representation described above. The platform executes operations specific to
      these target states.
      
      The platform power management handler for placing a power domain in a standby
      state (plat_pm_ops_t.pwr_domain_standby()) is now only used as a fast path for
      placing a core power domain into a standby or retention state should now be
      used to only place the core power domain in a standby or retention state.
      
      The extended state-id power state format can be enabled by setting the
      build flag PSCI_EXTENDED_STATE_ID=1 and it is disabled by default.
      
      Change-Id: I9d4123d97e179529802c1f589baaa4101759d80c
      8ee24980
    • Soby Mathew's avatar
      PSCI: Introduce new platform interface to describe topology · 82dcc039
      Soby Mathew authored
      This patch removes the assumption in the current PSCI implementation that MPIDR
      based affinity levels map directly to levels in a power domain tree. This
      enables PSCI generic code to support complex power domain topologies as
      envisaged by PSCIv1.0 specification. The platform interface for querying
      the power domain topology has been changed such that:
      
      1. The generic PSCI code does not generate MPIDRs and use them to query the
         platform about the number of power domains at a particular power level. The
         platform now provides a description of the power domain tree on the SoC
         through a data structure. The existing platform APIs to provide the same
         information have been removed.
      
      2. The linear indices returned by plat_core_pos_by_mpidr() and
         plat_my_core_pos() are used to retrieve core power domain nodes from the
         power domain tree. Power domains above the core level are accessed using a
         'parent' field in the tree node descriptors.
      
      The platform describes the power domain tree in an array of 'unsigned
      char's. The first entry in the array specifies the number of power domains at
      the highest power level implemented in the system. Each susbsequent entry
      corresponds to a power domain and contains the number of power domains that are
      its direct children. This array is exported to the generic PSCI implementation
      via the new `plat_get_power_domain_tree_desc()` platform API.
      
      The PSCI generic code uses this array to populate its internal power domain tree
      using the Breadth First Search like algorithm. The tree is split into two
      arrays:
      
      1. An array that contains all the core power domain nodes
      
      2. An array that contains all the other power domain nodes
      
      A separate array for core nodes allows certain core specific optimisations to
      be implemented e.g. remove the bakery lock, re-use per-cpu data framework for
      storing some information.
      
      Entries in the core power domain array are allocated such that the
      array index of the domain is equal to the linear index returned by
      plat_core_pos_by_mpidr() and plat_my_core_pos() for the MPIDR
      corresponding to that domain. This relationship is key to be able to use
      an MPIDR to find the corresponding core power domain node, traverse to higher
      power domain nodes and index into arrays that contain core specific
      information.
      
      An introductory document has been added to briefly describe the new interface.
      
      Change-Id: I4b444719e8e927ba391cae48a23558308447da13
      82dcc039
    • Soby Mathew's avatar
      PSCI: Introduce new platform and CM helper APIs · 12d0d00d
      Soby Mathew authored
      This patch introduces new platform APIs and context management helper APIs
      to support the new topology framework based on linear core position. This
      framework will be introduced in the follwoing patch and it removes the
      assumption that the MPIDR based affinity levels map directly to levels
      in a power domain tree. The new platforms APIs and context management
      helpers based on core position are as described below:
      
      * plat_my_core_pos() and plat_core_pos_by_mpidr()
      
      These 2 new mandatory platform APIs are meant to replace the existing
      'platform_get_core_pos()' API. The 'plat_my_core_pos()' API returns the
      linear index of the calling core and 'plat_core_pos_by_mpidr()' returns
      the linear index of a core specified by its MPIDR. The latter API will also
      validate the MPIDR passed as an argument and will return an error code (-1)
      if an invalid MPIDR is passed as the argument. This enables the caller to
      safely convert an MPIDR of another core to its linear index without querying
      the PSCI topology tree e.g. during a call to PSCI CPU_ON.
      
      Since the 'plat_core_pos_by_mpidr()' API verifies an MPIDR, which is always
      platform specific, it is no longer possible to maintain a default implementation
      of this API. Also it might not be possible for a platform port to verify an
      MPIDR before the C runtime has been setup or the topology has been initialized.
      This would prevent 'plat_core_pos_by_mpidr()' from being callable prior to
      topology setup. As a result, the generic Trusted Firmware code does not call
      this API before the topology setup has been done.
      
      The 'plat_my_core_pos' API should be able to run without a C runtime.
      Since this API needs to return a core position which is equal to the one
      returned by 'plat_core_pos_by_mpidr()' API for the corresponding MPIDR,
      this too cannot have default implementation and is a mandatory API for
      platform ports. These APIs will be implemented by the ARM reference platform
      ports later in the patch stack.
      
      * plat_get_my_stack() and plat_set_my_stack()
      
      These APIs are the stack management APIs which set/return stack addresses
      appropriate for the calling core. These replace the 'platform_get_stack()' and
      'platform_set_stack()' APIs. A default weak MP version and a global UP version
      of these APIs are provided for the platforms.
      
      * Context management helpers based on linear core position
      
      A set of new context management(CM) helpers viz cm_get_context_by_index(),
      cm_set_context_by_index(), cm_init_my_context() and cm_init_context_by_index()
      are defined which are meant to replace the old helpers which took MPIDR
      as argument. The old CM helpers are implemented based on the new helpers to
      allow for code consolidation and will be deprecated once the switch to the new
      framework is done.
      
      Change-Id: I89758632b370c2812973a4b2efdd9b81a41f9b69
      12d0d00d
  14. 05 Aug, 2015 2 commits
    • Soby Mathew's avatar
      PSCI: Remove references to affinity based power management · 4067dc31
      Soby Mathew authored
      As per Section 4.2.2. in the PSCI specification, the term "affinity"
      is used in the context of describing the hierarchical arrangement
      of cores. This often, but not always, maps directly to the processor
      power domain topology of the system. The current PSCI implementation
      assumes that this is always the case i.e. MPIDR based levels of
      affinity always map to levels in a power domain topology tree.
      
      This patch is the first in a series of patches which remove this
      assumption. It removes all occurences of the terms "affinity
      instances and levels" when used to describe the power domain
      topology. Only the terminology is changed in this patch. Subsequent
      patches will implement functional changes to remove the above
      mentioned assumption.
      
      Change-Id: Iee162f051b228828310610c5a320ff9d31009b4e
      4067dc31
    • Soby Mathew's avatar
      PSCI: Create new directory to implement new frameworks · b48349eb
      Soby Mathew authored
      This patch creates a copy of the existing PSCI files and related psci.h and
      platform.h header files in a new `PSCI1.0` directory. The changes for the
      new PSCI power domain topology and extended state-ID frameworks will be
      added incrementally to these files. This incremental approach will
      aid in review and in understanding the changes better. Once all the
      changes have been introduced, these files will replace the existing PSCI
      files.
      
      Change-Id: Ibb8a52e265daa4204e34829ed050bddd7e3316ff
      b48349eb
  15. 25 Jun, 2015 4 commits
    • Juan Castillo's avatar
      TBB: delete deprecated plat_match_rotpk() · f04585f3
      Juan Castillo authored
      The authentication framework deprecates plat_match_rotpk()
      in favour of plat_get_rotpk_info(). This patch removes
      plat_match_rotpk() from the platform port.
      
      Change-Id: I2250463923d3ef15496f9c39678b01ee4b33883b
      f04585f3
    • Juan Castillo's avatar
      TBB: add TBBR Chain of Trust · dff93c86
      Juan Castillo authored
      This patch adds a CoT based on the Trusted Board Boot Requirements
      document*. The CoT consists of an array of authentication image
      descriptors indexed by the image identifiers.
      
      A new header file with TBBR image identifiers has been added.
      Platforms that use the TBBR (i.e. ARM platforms) may reuse these
      definitions as part of their platform porting.
      
      PLATFORM PORT - IMPORTANT:
      
      Default image IDs have been removed from the platform common
      definitions file (common_def.h). As a consequence, platforms that
      used those common definitons must now either include the IDs
      provided by the TBBR header file or define their own IDs.
      
      *The NVCounter authentication method has not been implemented yet.
      
      Change-Id: I7c4d591863ef53bb0cd4ce6c52a60b06fa0102d5
      dff93c86
    • Juan Castillo's avatar
      TBB: add platform API to read the ROTPK information · 95cfd4ad
      Juan Castillo authored
      This patch extends the platform port by adding an API that returns
      either the Root of Trust public key (ROTPK) or its hash. This is
      usually stored in ROM or eFUSE memory. The ROTPK returned must be
      encoded in DER format according to the following ASN.1 structure:
      
          SubjectPublicKeyInfo  ::=  SEQUENCE  {
              algorithm           AlgorithmIdentifier,
              subjectPublicKey    BIT STRING
          }
      
      In case the platform returns a hash of the key:
      
          DigestInfo  ::= SEQUENCE {
              digestAlgorithm     AlgorithmIdentifier,
              keyDigest           OCTET STRING
          }
      
      An implementation for ARM development platforms is provided in this
      patch. When TBB is enabled, the ROTPK hash location must be specified
      using the build option 'ARM_ROTPK_LOCATION'. Available options are:
      
          - 'regs' : return the ROTPK hash stored in the Trusted
            root-key storage registers.
      
          - 'devel_rsa' : return a ROTPK hash embedded in the BL1 and
            BL2 binaries. This hash has been obtained from the development
            RSA public key located in 'plat/arm/board/common/rotpk'.
      
      On FVP, the number of MMU tables has been increased to map and
      access the ROTPK registers.
      
      A new file 'board_common.mk' has been added to improve code sharing
      in the ARM develelopment platforms.
      
      Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
      95cfd4ad
    • Juan Castillo's avatar
      Use numbers to identify images instead of names · 16948ae1
      Juan Castillo authored
      The Trusted firmware code identifies BL images by name. The platform
      port defines a name for each image e.g. the IO framework uses this
      mechanism in the platform function plat_get_image_source(). For
      a given image name, it returns the handle to the image file which
      involves comparing images names. In addition, if the image is
      packaged in a FIP, a name comparison is required to find the UUID
      for the image. This method is not optimal.
      
      This patch changes the interface between the generic and platform
      code with regard to identifying images. The platform port must now
      allocate a unique number (ID) for every image. The generic code will
      use the image ID instead of the name to access its attributes.
      
      As a result, the plat_get_image_source() function now takes an image
      ID as an input parameter. The organisation of data structures within
      the IO framework has been rationalised to use an image ID as an index
      into an array which contains attributes of the image such as UUID and
      name. This prevents the name comparisons.
      
      A new type 'io_uuid_spec_t' has been introduced in the IO framework
      to specify images identified by UUID (i.e. when the image is contained
      in a FIP file). There is no longer need to maintain a look-up table
      [iname_name --> uuid] in the io_fip driver code.
      
      Because image names are no longer mandatory in the platform port, the
      debug messages in the generic code will show the image identifier
      instead of the file name. The platforms that support semihosting to
      load images (i.e. FVP) must provide the file names as definitions
      private to the platform.
      
      The ARM platform ports and documentation have been updated accordingly.
      All ARM platforms reuse the image IDs defined in the platform common
      code. These IDs will be used to access other attributes of an image in
      subsequent patches.
      
      IMPORTANT: applying this patch breaks compatibility for platforms that
      use TF BL1 or BL2 images or the image loading code. The platform port
      must be updated to match the new interface.
      
      Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
      16948ae1
  16. 28 Apr, 2015 2 commits
    • Dan Handley's avatar
      Migrate FVP port to use common code · 60eea55e
      Dan Handley authored
      Major update to the FVP platform port to use the common platform code
      in (include/)plat/arm/* and (include/)plat/common/*. This mainly
      consists of removing duplicated code but also introduces some small
      behavioural changes where there was unnecessary variation between the
      FVP and Juno ports. See earlier commit titled `Add common ARM and CSS
      platform code` for details.
      
      Also add support for Foundation FVP version 9.1 during FVP config
      setup to prevent a warning being emitted in the console.
      
      Change-Id: I254ca854987642ce09d1b924c9fd410a6e13e3bc
      60eea55e
    • Dan Handley's avatar
      Add common ARM and CSS platform code · b4315306
      Dan Handley authored
      This major change pulls out the common functionality from the
      FVP and Juno platform ports into the following categories:
      
      *   (include/)plat/common. Common platform porting functionality that
      typically may be used by all platforms.
      
      *   (include/)plat/arm/common. Common platform porting functionality
      that may be used by all ARM standard platforms. This includes all
      ARM development platforms like FVP and Juno but may also include
      non-ARM-owned platforms.
      
      *   (include/)plat/arm/board/common. Common platform porting
      functionality for ARM development platforms at the board
      (off SoC) level.
      
      *   (include/)plat/arm/css/common. Common platform porting
      functionality at the ARM Compute SubSystem (CSS) level. Juno
      is an example of a CSS-based platform.
      
      *   (include/)plat/arm/soc/common. Common platform porting
      functionality at the ARM SoC level, which is not already defined
      at the ARM CSS level.
      
      No guarantees are made about the backward compatibility of
      functionality provided in (include/)plat/arm.
      
      Also remove any unnecessary variation between the ARM development
      platform ports, including:
      
      *   Unify the way BL2 passes `bl31_params_t` to BL3-1. Use the
      Juno implementation, which copies the information from BL2 memory
      instead of expecting it to persist in shared memory.
      
      *   Unify the TZC configuration. There is no need to add a region
      for SCP in Juno; it's enough to simply not allow any access to
      this reserved region. Also set region 0 to provide no access by
      default instead of assuming this is the case.
      
      *   Unify the number of memory map regions required for ARM
      development platforms, although the actual ranges mapped for each
      platform may be different. For the FVP port, this reduces the
      mapped peripheral address space.
      
      These latter changes will only be observed when the platform ports
      are migrated to use the new common platform code in subsequent
      patches.
      
      Change-Id: Id9c269dd3dc6e74533d0e5116fdd826d53946dc8
      b4315306
  17. 12 Feb, 2015 1 commit
    • Soby Mathew's avatar
      Export maximum affinity using PLATFORM_MAX_AFFLVL macro · 8c32bc26
      Soby Mathew authored
      This patch removes the plat_get_max_afflvl() platform API
      and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
      This is done because the maximum affinity level for a platform
      is a static value and it is more efficient for it to be defined
      as a platform macro.
      
      NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
      
      Fixes ARM-Software/tf-issues#265
      
      Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
      8c32bc26
  18. 28 Jan, 2015 1 commit
    • Juan Castillo's avatar
      TBB: add a platform specific function to validate the ROTPK · 6eadf762
      Juan Castillo authored
      This patch adds the function plat_match_rotpk() to the platform
      porting layer to provide a Root Of Trust Public key (ROTPK)
      verification mechanism. This function is called during the
      Trusted Board Boot process and receives a supposed valid copy
      of the ROTPK as a parameter, usually obtained from an external
      source (for instance, a certificate). It returns 0 (success) if
      that key matches the actual ROTPK stored in the system or any
      other value otherwise.
      
      The mechanism to access the actual ROTPK stored in the system
      is platform specific and should be implemented as part of this
      function. The format of the ROTPK is also platform specific
      (to save memory, some platforms might store a hash of the key
      instead of the whole key).
      
      TRUSTED_BOARD_BOOT build option has been added to allow the user
      to enable the Trusted Board Boot features. The implementation of
      the plat_match_rotpk() funtion is mandatory when Trusted Board
      Boot is enabled.
      
      For development purposes, FVP and Juno ports provide a dummy
      function that returns always success (valid key). A safe trusted
      boot implementation should provide a proper matching function.
      
      Documentation updated accordingly.
      
      Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
      6eadf762
  19. 27 Aug, 2014 1 commit
  20. 20 Aug, 2014 1 commit
    • Soby Mathew's avatar
      Add CPU specific power management operations · add40351
      Soby Mathew authored
      This patch adds CPU core and cluster power down sequences to the CPU specific
      operations framework introduced in a earlier patch. Cortex-A53, Cortex-A57 and
      generic AEM sequences have been added. The latter is suitable for the
      Foundation and Base AEM FVPs. A pointer to each CPU's operations structure is
      saved in the per-cpu data so that it can be easily accessed during power down
      seqeunces.
      
      An optional platform API has been introduced to allow a platform to disable the
      Accelerator Coherency Port (ACP) during a cluster power down sequence. The weak
      definition of this function (plat_disable_acp()) does not take any action. It
      should be overriden with a strong definition if the ACP is present on a
      platform.
      
      Change-Id: I8d09bd40d2f528a28d2d3f19b77101178778685d
      add40351
  21. 19 Aug, 2014 1 commit
    • Dan Handley's avatar
      Clarify platform porting interface to TSP · 5a06bb7e
      Dan Handley authored
      * Move TSP platform porting functions to new file:
        include/bl32/tsp/platform_tsp.h.
      
      * Create new TSP_IRQ_SEC_PHY_TIMER definition for use by the generic
        TSP interrupt handling code, instead of depending on the FVP
        specific definition IRQ_SEC_PHY_TIMER.
      
      * Rename TSP platform porting functions from bl32_* to tsp_*, and
        definitions from BL32_* to TSP_*.
      
      * Update generic TSP code to use new platform porting function names
        and definitions.
      
      * Update FVP port accordingly and move all TSP source files to:
        plat/fvp/tsp/.
      
      * Update porting guide with above changes.
      
      Note: THIS CHANGE REQUIRES ALL PLATFORM PORTS OF THE TSP TO
            BE UPDATED
      
      Fixes ARM-software/tf-issues#167
      
      Change-Id: Ic0ff8caf72aebb378d378193d2f017599fc6b78f
      5a06bb7e
  22. 28 Jul, 2014 1 commit
    • Soby Mathew's avatar
      Introduce crash console APIs for crash reporting · c67b09bd
      Soby Mathew authored
      This patch introduces platform APIs to initialise and
      print a character on a designated crash console.
      For the FVP platform, PL011_UART0 is the designated
      crash console. The platform porting guide is also updated
      to document the new APIs.
      
      Change-Id: I5e97d8762082e0c88c8c9bbb479353eac8f11a66
      c67b09bd
  23. 19 Jul, 2014 1 commit
    • Achin Gupta's avatar
      Make enablement of the MMU more flexible · afff8cbd
      Achin Gupta authored
      This patch adds a 'flags' parameter to each exception level specific function
      responsible for enabling the MMU. At present only a single flag which indicates
      whether the data cache should also be enabled is implemented. Subsequent patches
      will use this flag when enabling the MMU in the warm boot paths.
      
      Change-Id: I0eafae1e678c9ecc604e680851093f1680e9cefa
      afff8cbd
  24. 10 Jul, 2014 1 commit
    • Sandrine Bailleux's avatar
      Add support for BL3-0 image · 93d81d64
      Sandrine Bailleux authored
       - Add support for loading a BL3-0 image in BL2. Information about
         memory extents is populated by platform-specific code. Subsequent
         handling of BL3-0 is also platform specific.
         The BL2 main function has been broken down to improve readability.
         The BL3-2 image is now loaded before the BL3-3 image to align with
         the boot flow.
      
       - Build system: Add support for specifying a BL3-0 image that will be
         included into the FIP image.
      
       - IO FIP driver: Add support for identifying a BL3-0 image inside a
         FIP image.
      
       - Update the documentation to reflect the above changes.
      
      Change-Id: I067c184afd52ccaa86569f13664757570c86fc48
      93d81d64
  25. 09 Jul, 2014 1 commit
    • Dan Handley's avatar
      Refactor fvp_config into common platform header · 6f3b195a
      Dan Handley authored
      Changed the fvp_config array in fvp_common.c into a struct and
      moved into a new optional common platform header,
      include/plat/common/plat_config.h. Removed the config definitions
      in fvp_def.h and updated all references to the platform config.
      
      This makes the interface to the platform config cleaner and uses
      a little less RAM.
      
      Fixes ARM-software/tf-issues#180
      
      Change-Id: I58dd7b3c150f24f7ee230a26fd57c827853ba803
      6f3b195a