GitLab

This patch adds support for the QEMU virt ARMv8-A target.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

A production ROM with TBB enabled must have the ability to boot test software
before a real ROTPK is deployed (e.g. manufacturing mode). Previously the
function plat_get_rotpk_info() must return a valid ROTPK for TBB to succeed.
This patch adds an additional bit `ROTPK_NOT_DEPLOYED` in the output `flags`
parameter from plat_get_rotpk_info(). If this bit is set, then the ROTPK
in certificate is used without verifying against the platform value.

Fixes ARM-software/tf-issues#381

Change-Id: Icbbffab6bff8ed76b72431ee21337f550d8fdbbb

* Move stdlib header files from include/stdlib to include/lib/stdlib for
  consistency with other library headers.
* Fix checkpatch paths to continue excluding stdlib files.
* Create stdlib.mk to define the stdlib source files and include directories.
* Include stdlib.mk from the top level Makefile.
* Update stdlib header path in the fip_create Makefile.
* Update porting-guide.md with the new paths.

Change-Id: Ia92c2dc572e9efb54a783e306b5ceb2ce24d27fa

The system registers that are saved and restored in CPU context include
AArch32 systems registers like SPSR_ABT, SPSR_UND, SPSR_IRQ, SPSR_FIQ,
DACR32_EL2, IFSR32_EL2 and FPEXC32_EL2. Accessing these registers on an
AArch64-only (i.e. on hardware that does not implement AArch32, or at
least not at EL1 and higher ELs) platform leads to an exception. This patch
introduces the build option `CTX_INCLUDE_AARCH32_REGS` to specify whether to
include these AArch32 systems registers in the cpu context or not. By default
this build option is set to 1 to ensure compatibility. AArch64-only platforms
must set it to 0. A runtime check is added in BL1 and BL31 cold boot path to
verify this.

Fixes ARM-software/tf-issues#386

Change-Id: I720cdbd7ed7f7d8516635a2ec80d025f478b95ee

This patch adds a new optional platform hook `pwr_domain_pwr_down_wfi()` in
the plat_psci_ops structure. This hook allows the platform to perform platform
specific actions including the wfi invocation to enter powerdown. This hook
is invoked by both psci_do_cpu_off() and psci_cpu_suspend_start() functions.
The porting-guide.md is also updated for the same.

This patch also modifies the `psci_power_down_wfi()` function to invoke
`plat_panic_handler` incase of panic instead of the busy while loop.

Fixes ARM-Software/tf-issues#375

Change-Id: Iba104469a1445ee8d59fb3a6fdd0a98e7f24dfa3

This patch adds support to select CCN driver for FVP during build.
A new build option `FVP_INTERCONNECT_DRIVER` is added to allow
selection between the CCI and CCN driver. Currently only the CCN-502
variant is supported on FVP.

The common ARM CCN platform helper file now verifies the cluster
count declared by platform is equal to the number of root node
masters exported by the ARM Standard platform.

Change-Id: I71d7b4785f8925ed499c153b2e9b9925fcefd57a

Added a build flag to select the generic delay timer on FVP instead
of the SP804 timer. By default, the generic one will be selected. The
user guide has been updated.

Change-Id: Ica34425c6d4ed95a187b529c612f6d3b26b78bc6

Added plat_get_syscnt_freq2, which is a 32 bit variant of the 64 bit
plat_get_syscnt_freq. The old one has been flagged as deprecated.
Common code has been updated to use this new version. Porting guide
has been updated.

Change-Id: I9e913544926c418970972bfe7d81ee88b4da837e

This patch changes the default driver for FVP platform from the deprecated
GICv3 legacy to the GICv3 only driver. This means that the default build of
Trusted Firmware will not be able boot Linux kernel with GICv2 FDT blob. The
user guide is also updated to reflect this change of default GIC driver for
FVP.

Change-Id: Id6fc8c1ac16ad633dabb3cd189b690415a047764

This patch removes support for legacy Versatile Express memory map for the
GIC peripheral in the FVP platform. The user guide is also updated for the
same.

Change-Id: Ib8cfb819083aca359e5b46b5757cb56cb0ea6533

Add MAX_IO_BLOCK_DEVICES in porting guide. It's necessary to define
this macro to support io block device. With this macro, multiple
block devices could be opened at the same time. Each block device
stores its own state.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>

The translation table library code has moved from lib/aarch64/ to
lib/xlat_tables/ since commit 3ca9928d but the Porting Guide still
points to the old location. This patch fixes this issue.

Change-Id: I983a9a100d70eacf6bac71725ffbb4bb5f3732b0

This patch adds links to the Cortex-A53 and Cortex-A57 MPCores
Software Developers Errata Notice documents in the ARM CPU Specific
Build Macros document.

Change-Id: I0aa26d7f373026097ed012a02bc61ee2c5b9d6fc

Change-Id: I86ac81ffd7cd094ce68c4cceb01c16563671a063

Change-Id: Icaacd19c4cef9c10d02adcc2f84a4d7c97d4bcfa

Change-Id: Ia2ce8aa752efb090cfc734c1895c8f2539e82439

Change-Id: I632a8c5bb517ff89c69268e865be33101059be7d

Change-Id: I45641551474f4c58c638aff8c42c0ab9a8ec78b4

It is up to the platform to implement the new plat_crash_print_regs macro to
report all relevant platform registers helpful for troubleshooting.

plat_crash_print_regs merges or calls previously defined plat_print_gic_regs
and plat_print_interconnect_regs macros for each existing platforms.

NOTE: THIS COMMIT REQUIRES ALL PLATFORMS THAT ENABLE THE `CRASH_REPORTING`
BUILD FLAG TO MIGRATE TO USE THE NEW `plat_crash_print_regs()` MACRO. BY
DEFAULT, `CRASH_REPORTING` IS ENABLED IN DEBUG BUILDS FOR ALL PLATFORMS.

Fixes: arm-software/tf-issues#373
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>

This patch updates the TF User Guide, simplifying some of the steps
to build and run TF and trying to avoid duplicated information that
is already available on the ARM Connected Community or the Linaro
website.

The recommended Linaro release is now 16.02.

Change-Id: I21db486d56a07bb10f5ee9a33014ccc59ca12986

To avoid confusion the build option BL33_BASE has been renamed to
PRELOADED_BL33_BASE, which is more descriptive of what it does and
doesn't get mistaken by similar names like BL32_BASE that work in a
completely different way.

NOTE: PLATFORMS USING BUILD OPTION `BL33_BASE` MUST CHANGE TO THE NEW
BUILD OPTION `PRELOADED_BL33_BASE`.

Change-Id: I658925ebe95406edf0325f15aa1752e1782aa45b

This patch enables the SCR_EL3.SIF (Secure Instruction Fetch) bit in BL1 and
BL31 common architectural setup code. When in secure state, this disables
instruction fetches from Non-secure memory.

NOTE: THIS COULD BREAK PLATFORMS THAT HAVE SECURE WORLD CODE EXECUTING FROM
NON-SECURE MEMORY, BUT THIS IS CONSIDERED UNLIKELY AND IS A SERIOUS SECURITY
RISK.

Fixes ARM-Software/tf-issues#372

Change-Id: I684e84b8d523c3b246e9a5fabfa085b6405df319

The Xilinx Zynq UltraScale+ MPSOC containes a quad A53 cluster. This
patch adds the platform port for that SoC.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>

This patch modifies the return type of the platform API
`plat_get_ns_image_entrypoint()` from `unsigned long` to
`uintptr_t` in accordance with the coding guidelines.

Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca

To get round problems encountered when building in a DOS build
environment the generation of the .o file containing build identifier
strings is modified.
The problems encounterred were:
   1. DOS echo doesn't strip ' characters from the output text.
   2. git is not available from CMD.EXE so the BUILD_STRING value needs
      some other origin.

A BUILD_STRING value of "development build" is used for now.

MAKE_BUILD_STRINGS is used to customise build string generation in a DOS
environment. This variable is not defined in the UNIX build environment
make file helper, and so the existing build string generation behaviour
is retained in these build environments.

NOTE: This commit completes a cumulative series aimed at improving
      build portability across development environments.
      This enables the build to run on several new build environments,
      if the relevant tools are available.
      At this point the build is tested on Windows 7 Enterprise SP1,
      using CMD.EXE, Cygwin and Msys (MinGW),as well as a native
      Linux envionment".  The Windows platform builds used
      aarch64-none-elf-gcc.exe 4.9.1.  CMD.EXE and Msys used Gnu
      Make 3.81, cygwin used Gnu Make 4.1.

CAVEAT: The cert_create tool build is not tested on the Windows
        platforms (openssl-for-windows has a GPL license).

Change-Id: Iaa4fc89dbe2a9ebae87e2600c9eef10a6af30251

lib/aarch64/xlat_helpers.c defines helper functions to build
translation descriptors, but no common code or upstream platform
port uses them. As the rest of the xlat_tables code evolves, there
may be conflicts with these helpers, therefore this code should be
removed.

Change-Id: I9f5be99720f929264818af33db8dada785368711

This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.

The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.

** NEW PLATFORM APIs (mandatory when TBB is enabled) **

int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);

    This API returns the non-volatile counter value stored
    in the platform. The cookie in the first argument may be
    used to select the counter in case the platform provides
    more than one (i.e. TBSA compliant platforms must provide
    trusted and non-trusted counters). This cookie is specified
    in the CoT.

int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);

    This API sets a new counter value. The cookie may be
    used to select the counter to be updated.

An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.

** IMPORTANT **

THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.

Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a

This patch adds an option to the ARM common platforms to load BL31 in the
TZC secured DRAM instead of the default secure SRAM.

To enable this feature, set `ARM_BL31_IN_DRAM` to 1 in build options.
If TSP is present, then setting this option also sets the TSP location
to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build flag.

To use this feature, BL2 platform code must map in the DRAM used by
BL31. The macro ARM_MAP_BL31_SEC_DRAM is provided for this purpose.
Currently, only the FVP BL2 platform code maps in this DRAM.

Change-Id: If5f7cc9deb569cfe68353a174d4caa48acd78d67

Asynchronous abort exceptions generated by the platform during cold boot are
not taken in EL3 unless SCR_EL3.EA is set.

Therefore EA bit is set along with RES1 bits in early BL1 and BL31 architecture
initialisation. Further write accesses to SCR_EL3 preserve these bits during
cold boot.

A build flag controls SCR_EL3.EA value to keep asynchronous abort exceptions
being trapped by EL3 after cold boot or not.

For further reference SError Interrupts are also known as asynchronous external
aborts.

On Cortex-A53 revisions below r0p2, asynchronous abort exceptions are taken in
EL3 whatever the SCR_EL3.EA value is.

Fixes arm-software/tf-issues#368
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>

The Firmware Design document is meant to provide a general overview
of the Trusted Firmware code. Although it is useful to provide some
guidance around the responsibilities of the platform layer, it should
not provide too much platform specific implementation details. Right
now, some sections are too tied to the implementation on ARM
platforms. This makes the Firmware Design document harder to digest.

This patch simplifies this aspect of the Firmware Design document.
The sections relating the platform initialisations performed by the
different BL stages have been simplified and the extra details about
the ARM platforms implementation have been moved to the Porting Guide
when appropriate.

This patch also provides various documentation fixes and additions
in the Firmware Design and Platform Porting Guide. In particular:

 - Update list of SMCs supported by BL1.

 - Remove MMU setup from architectural inits, as it is actually
   performed by platform code.

 - Similarly, move runtime services initialisation, BL2 image
   initialization and BL33 execution out of the platform
   initialisation paragraph.

 - List SError interrupt unmasking as part of BL1 architectural
   initialization.

 - Mention Trusted Watchdog enabling in BL1 on ARM platforms.

 - Fix order of steps in "BL2 image load and execution" section.

 - Refresh section about GICv3/GICv2 drivers initialisation on
   ARM platforms.

Change-Id: I32113c4ffdc26687042629cd8bbdbb34d91e3c14

Added a new platform porting function plat_panic_handler, to allow
platforms to handle unexpected error situations. It must be
implemented in assembly as it may be called before the C environment
is initialized. A default implementation is provided, which simply
spins.

Corrected all dead loops in generic code to call this function
instead. This includes the dead loop that occurs at the end of the
call to panic().

All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have
been removed.

Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134

The previous reset code in BL1 performed the following steps in
order:

1. Warm/Cold boot detection.
   If it's a warm boot, jump to warm boot entrypoint.

2. Primary/Secondary CPU detection.
   If it's a secondary CPU, jump to plat_secondary_cold_boot_setup(),
   which doesn't return.

3. CPU initialisations (cache, TLB...).

4. Memory and C runtime initialization.

For a secondary CPU, steps 3 and 4 are never reached. This shouldn't
be a problem in most cases, since current implementations of
plat_secondary_cold_boot_setup() either panic or power down the
secondary CPUs.

The main concern is the lack of secondary CPU initialization when
bare metal EL3 payloads are used in case they don't take care of this
initialisation themselves.

This patch moves the detection of primary/secondary CPU after step 3
so that the CPU initialisations are performed per-CPU, while the
memory and the C runtime initialisation are only performed on the
primary CPU. The diagrams used in the ARM Trusted Firmware Reset
Design documentation file have been updated to reflect the new boot
flow.

Platforms ports might be affected by this patch depending on the
behaviour of plat_secondary_cold_boot_setup(), as the state of the
platform when entering this function will be different.

Fixes ARM-software/tf-issues#342

Change-Id: Icbf4a0ee2a3e5b856030064472f9fa6696f2eb9e

This patch clarifies a porting API in the Porting Guide that do not
follow the ARM Architecture Program Calling Standards (AAPCS). The
list of registers that are allowed to be clobbered by this API has
been updated in the Porting Guide.

Fixes ARM-software/tf-issues#259

Change-Id: Ibf2adda2e1fb3e9b8f53d8a918d5998356eb8fce

Enable alternative boot flow where BL2 does not load BL33 from
non-volatile storage, and BL31 hands execution over to a preloaded
BL33.

The flag used to enable this bootflow is BL33_BASE, which must hold
the entrypoint address of the BL33 image. The User Guide has been
updated with an example of how to use this option with a bootwrapped
kernel.

Change-Id: I48087421a7b0636ac40dca7d457d745129da474f

`board_arm_def.h` contains multiple definitions of
`PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` that are optimised for
memory usage depending upon the chosen build configuration. To ease
maintenance of these constants, this patch replaces their multiple
definitions with a single set of definitions that will work on all ARM
platforms.

Platforms can override the defaults with optimal values by enabling the
`ARM_BOARD_OPTIMISE_MMAP` build option. An example has been provided in
the Juno ADP port.

Additionally, `PLAT_ARM_MMAP_ENTRIES` is increased by one to accomodate
future ARM platforms.

Change-Id: I5ba6490fdd1e118cc9cc2d988ad7e9c38492b6f0

The common topology description helper funtions and macros for
ARM Standard platforms assumed a dual cluster system. This is not
flexible enough to scale to multi cluster platforms. This patch does
the following changes for more flexibility in defining topology:

1. The `plat_get_power_domain_tree_desc()` definition is moved from
   `arm_topology.c` to platform specific files, that is `fvp_topology.c`
   and `juno_topology.c`. Similarly the common definition of the porting
   macro `PLATFORM_CORE_COUNT` in `arm_def.h` is moved to platform
   specific `platform_def.h` header.

2. The ARM common layer porting macros which were dual cluster specific
   are now removed and a new macro PLAT_ARM_CLUSTER_COUNT is introduced
   which must be defined by each ARM standard platform.

3. A new mandatory ARM common layer porting API
   `plat_arm_get_cluster_core_count()` is introduced to enable the common
   implementation of `arm_check_mpidr()` to validate MPIDR.

4. For the FVP platforms, a new build option `FVP_NUM_CLUSTERS` has been
   introduced which allows the user to specify the cluster count to be
   used to build the topology tree within Trusted Firmare. This enables
   Trusted Firmware to be built for multi cluster FVP models.

Change-Id: Ie7a2e38e5661fe2fdb2c8fdf5641d2b2614c2b6b

This patch adds a link to the Cortex-A57 Software Optimization Guide
in the ARM CPU Specific Build Macros document to justify the default
value of the A57_DISABLE_NON_TEMPORAL_HINT build flag.

Change-Id: I9779e42a4bb118442b2b64717ce143314ec9dd16

The folowing build options were missing from the User Guide and have been
documented:

 - CTX_INCLUDE_FPREGS
 - DISABLE_PEDANTIC
 - BUILD_STRING
 - VERSION_STRING
 - BUILD_MESSAGE_TIMESTAMP

Change-Id: I6a9c39ff52cad8ff04deff3ac197af84d437b8b7

Current code mandates loading of SCP_BL2/SCP_BL2U images for all
CSS platforms. On future ARM CSS platforms, the Application
Processor (AP) might not need to load these images. So, these
items can be removed from the FIP on those platforms.

BL2 tries to load  SCP_BL2/SCP_BL2U images if their base
addresses are defined causing boot error if the images are not
found in FIP.

This change adds a make flag `CSS_LOAD_SCP_IMAGES` which if set
to `1` does:
1. Adds SCP_BL2, SCP_BL2U images to FIP.
2. Defines the base addresses of these images so that AP loads
   them.

And vice-versa if it is set to `0`. The default value is set to
`1`.

Change-Id: I5abfe22d5dc1e9d80d7809acefc87b42a462204a

ARM PL061 GPIO driver requires the "PLAT_PL061_MAX_GPIOS" definition.
By default, it's defined to 32 in PL061 GPIO driver. If user wants
more PL061 controllers in platform, user should define the build
flag in platform.mk instead.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>