- 12 Jan, 2017 1 commit
-
-
Masahiro Yamada authored
We are duplicating this macro define, and it is useful enough to be placed in the common place. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 10 Jan, 2017 1 commit
-
-
Nishanth Menon authored
tbz check for RDR status is to check for a bit being zero. Unfortunately, we are using a mask rather than the bit position. Further as per http://www.ti.com/lit/ds/symlink/pc16550d.pdf (page 17), LSR register bit 0 is Data ready status (RDR), not bit position 2. Update the same to match the specification. Reported-by: Sekhar Nori <nsekhar@ti.com> Signed-off-by: Nishanth Menon <nm@ti.com>
-
- 30 Dec, 2016 1 commit
-
-
dp-arm authored
Previously, fiptool only understood a fixed set of images as specified in tbbr_config.c. It preserved unknown images during the update, unpack and remove operations but it was not possible to explicitly refer to one of those unknown images. Add a new --blob option to create/update/unpack/remove images that are not known at compile time. This is accomplished by specifying the UUID and filename pair as shown below: $ ./fiptool create --blob uuid=01234567-89ab-cdef-0123-456789abcdef,file=foo.bin fip.bin $ ./fiptool info fip.bin 01234567-89ab-cdef-0123-456789abcdef: offset=0x60, size=0x1AA68 Fixes ARM-software/tf-issues#420 Change-Id: Iaac2504b9a4252289c09e73d29645cbe240f3a82 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 23 Dec, 2016 1 commit
-
-
Douglas Raillard authored
Standard SMC requests that are handled in the secure-world by the Secure Payload can be preempted by interrupts that must be handled in the normal world. When the TSP is preempted the secure context is stored and control is passed to the normal world to handle the non-secure interrupt. Once completed the preempted secure context is restored. When restoring the preempted context, the dispatcher assumes that the TSP preempted context is still stored as the SECURE context by the context management library. However, PSCI power management operations causes synchronous entry into TSP. This overwrites the preempted SECURE context in the context management library. When restoring back the SECURE context, the Secure Payload crashes because this context is not the preempted context anymore. This patch avoids corruption of the preempted SECURE context by aborting any preempted SMC during PSCI power management calls. The abort_std_smc_entry hook of the TSP is called when aborting the SMC request. It also exposes this feature as a FAST SMC callable from normal world to abort preempted SMC with FID TSP_FID_ABORT. Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 20 Dec, 2016 2 commits
-
-
Douglas Raillard authored
Enforce valid FID input in TSP_STD_FID and TSP_FAST_FID macros. Also remove an undefined behavior by using unsigned literals. Change-Id: Id37e908da861980a4eaa3a70b37a729f416ce272 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
Sandrine Bailleux authored
The is_mem_free() function used to be local to bl_common.c. This patch exports it so that it can be used outside of bl_common.c. Change-Id: I01dcb4229f3a36f56a4724b567c5e6c416dc5e98 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 19 Dec, 2016 1 commit
-
-
Jeenu Viswambharan authored
ASM_ASSERT failure and panic messages are suppressed at present. This patch enables printing the PC location for panic messages, and file name and line number upon assembly assert failure. Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 15 Dec, 2016 4 commits
-
-
Jeenu Viswambharan authored
Various CPU drivers in ARM Trusted Firmware register functions to handle power-down operations. At present, separate functions are registered to power down individual cores and clusters. This scheme operates on the basis of core and cluster, and doesn't cater for extending the hierarchy for power-down operations. For example, future CPUs might support multiple threads which might need powering down individually. This patch therefore reworks the CPU operations framework to allow for registering power down handlers on specific level basis. Henceforth: - Generic code invokes CPU power down operations by the level required. - CPU drivers explicitly mention CPU_NO_RESET_FUNC when the CPU has no reset function. - CPU drivers register power down handlers as a list: a mandatory handler for level 0, and optional handlers for higher levels. All existing CPU drivers are adapted to the new CPU operations framework without needing any functional changes within. Also update firmware design guide. Change-Id: I1826842d37a9e60a9e85fdcee7b4b8f6bc1ad043 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
dp-arm authored
The previous code required that a certificate be signed with the ROT key before the platform's NV counter could be updated with the value in the certificate. This implies that the Non-Trusted NV counter was not being updated for Non-Trusted content certificates, as they cannot be signed with the ROT key in the TBBR CoT scheme. The code is reworked to only allow updating the platform's Trusted NV counter when a certificate protected by the Trusted NV counter is signed with the ROT key. Content certificates protected by the Non-Trusted NV counter are allowed to update the platform's Non-Trusted NV counter, assuming that the certificate value is higher than the platform's value. A new optional platform API has been introduced, named plat_set_nv_ctr2(). Platforms may choose to implement it and perform additional checks based on the authentication image descriptor before modifying the NV counters. A default weak implementation is available that just calls into plat_set_nv_ctr(). Fixes ARM-software/tf-issues#426 Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
Jeenu Viswambharan authored
As with other ARM platform GIC APIs, these directly invoke the GICv3 driver APIs for Redistributor power management. For the sake of uniform GIC API, empty stubs are placed for those GIC drivers that lack Redistributor component. Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
Jeenu Viswambharan authored
Some GICv3 implementations have provision for power management operations at Redistributor level. This patch introduces and provides place-holders for Redistributor power management. The default implementations are empty stubs, but are weakly bound so as to enable implementation-specific drivers to override them. Change-Id: I4fec1358693d3603ca5dce242a2f7f0e730516d8 Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 14 Dec, 2016 3 commits
-
-
Yatharth Kochar authored
This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU) support, for AArch64, when LOAD_IMAGE_V2 is enabled. This patch also enables LOAD_IMAGE_V2 for ARM platforms. Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
-
Antonio Nino Diaz authored
Some files have incorrect copyright notices, this patch fixes all files with deviations from the standard notice. Change-Id: I66b73e78a50a235acb55f1e2ec2052a42c0570d2 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
dp-arm authored
Testing showed that the time spent in a cluster power down operation is dominated by cache flushes. Add two more timestamps in runtime instrumentation to keep track of the time spent flushing the L1/L2 caches. Change-Id: I4c5a04e7663543225a85d3c6b271d7b706deffc4 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 13 Dec, 2016 3 commits
-
-
Antonio Nino Diaz authored
The now deprecated ADDR_SPACE_SIZE has been replaced by the two defines PLAT_PHY_ADDR_SPACE_SIZE and PLAT_VIRT_ADDR_SPACE_SIZE. Change-Id: I027a2f02f47ab2f679b8979a6dbfb0f08270a1a4 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Added the definitions `PLAT_PHY_ADDR_SPACE_SIZE` and `PLAT_VIRT_ADDR_SPACE_SIZE` which specify respectively the physical and virtual address space size a platform can use. `ADDR_SPACE_SIZE` is now deprecated. To maintain compatibility, if any of the previous defines aren't present, the value of `ADDR_SPACE_SIZE` will be used instead. For AArch64, register ID_AA64MMFR0_EL1 is checked to calculate the max PA supported by the hardware and to verify that the previously mentioned definition is valid. For AArch32, a 40 bit physical address space is considered. Added asserts to check for overflows. Porting guide updated. Change-Id: Ie8ce1da5967993f0c94dbd4eb9841fc03d5ef8d6 Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
Antonio Nino Diaz authored
Each translation table level entry can only map a given virtual address onto physical addresses of the same granularity. For example, with the current configuration, a level 2 entry maps blocks of 2 MB, so the physical address must be aligned to 2 MB. If the address is not aligned, the MMU will just ignore the lower bits. This patch adds an assertion to make sure that physical addresses are always aligned to the correct boundary. Change-Id: I0ab43df71829d45cdbe323301b3053e08ca99c2c Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-
- 12 Dec, 2016 1 commit
-
-
Soby Mathew authored
The AArch32 Procedure call Standard mandates that the stack must be aligned to 8 byte boundary at external interfaces. This patch does the required changes. This problem was detected when a crash was encountered in `psci_print_power_domain_map()` while printing 64 bit values. Aligning the stack to 8 byte boundary resolved the problem. Fixes ARM-Software/tf-issues#437 Change-Id: I517bd8203601bb88e9311bd36d477fb7b3efb292 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 07 Dec, 2016 2 commits
-
-
Soby Mathew authored
The capabilities exposed by the PSCI generic layer depends on the hooks populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM Standard platforms statically define this structure. However, some platforms may want to modify the hooks at runtime before registering them with the generic layer. This patch introduces a new ARM platform layer API `plat_arm_psci_override_pm_ops` which allows the platform to probe the power controller and modify `plat_arm_psci_pm_ops` if required. Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as `const` on ARM Standard platforms. Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
Soby Mathew authored
This patch introduces an additional layer of abstraction between CSS power management hooks and the SCPI driver. A new set of APIs are introduced in order to abstract out power management operations from underlying communication mechanism with the SCP. The SCPI and the associated MHU drivers are moved into a `drivers` folder in CSS. The new SCP communication abstraction layer is added in the `drivers/scp` folder. The existing CSS power management uses the new APIs to reflect this abstraction. Change-Id: I7d775129fc0558e9703c2724523fb8f0a916838c Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 05 Dec, 2016 1 commit
-
-
Jeenu Viswambharan authored
There are many instances in ARM Trusted Firmware where control is transferred to functions from which return isn't expected. Such jumps are made using 'bl' instruction to provide the callee with the location from which it was jumped to. Additionally, debuggers infer the caller by examining where 'lr' register points to. If a 'bl' of the nature described above falls at the end of an assembly function, 'lr' will be left pointing to a location outside of the function range. This misleads the debugger back trace. This patch defines a 'no_ret' macro to be used when jumping to functions from which return isn't expected. The macro ensures to use 'bl' instruction for the jump, and also, for debug builds, places a 'nop' instruction immediately thereafter (unless instructed otherwise) so as to leave 'lr' pointing within the function range. Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
-
- 01 Dec, 2016 3 commits
-
-
David Cunado authored
This patch resets EL2 and EL3 registers that have architecturally UNKNOWN values on reset and that also provide EL2/EL3 configuration and trap controls. Specifically, the EL2 physical timer is disabled to prevent timer interrups into EL2 - CNTHP_CTL_EL2 and CNTHP_CTL for AArch64 and AArch32, respectively. Additionally, for AArch64, HSTR_EL2 is reset to avoid unexpected traps of non-secure access to certain system registers at EL1 or lower. For AArch32, the patch also reverts the reset to SDCR which was incorrectly added in a previous change. Change-Id: If00eaa23afa7dd36a922265194ccd6223187414f Signed-off-by: David Cunado <david.cunado@arm.com>
-
Qixiang.Xu authored
C99 restricts bitfields type is signed and unsigned integer or _Bool. See section 6.7.2.1 Structure and union specifiers. "A bit-field shall have a type that is a qualified or unqualified version of _Bool, signed int, unsigned int, or some other implementation-defined type." Since the compiler packs bitfields anyways, actual data layout in the structure is unaffected. Signed-off-by: Alex Nemirovsky <alex.nemirovsky@cortina-access.com>
-
Yatharth Kochar authored
This patch makes following miscellaneous fixes: * pl011_console.S: Fixed the bit mask used to check if the transmit FIFO is full or empty. * smcc_macros.S: Added `_fsxc` suffix while updating the SPSR. By default the assembler assumes `_fc` suffix which does not update all the fields in SPSR. By adding `_fsxc` suffix all the fields gets updated. * platform_helpers.S: Removed the weak definition for `plat_my_core_pos()` as this is a mandatory function which needs to be defined by all platforms. Change-Id: I8302292533c943686fff8d7c749a07132c052a3b Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
-
- 21 Nov, 2016 1 commit
-
-
Douglas Raillard authored
This allows the debugger to print the callstack when there is an assembly function in the callstack. It will work as long as the CFA pointer (frame pointer) location is not modified (i.e. x29 is not touched in AArch64 state). It is the case in almost all assembly functions, so this patch improves the average debugging experience. Call stacks from the debugger should still be interpreted with care. In more complex functions, one could use .cfi* directives to inform the debugger about the new location of the CFA pointer. Change-Id: I9dabfbc033b45e8528e67f4823c17de7bf02fa24 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
-
- 09 Nov, 2016 1 commit
-
-
David Cunado authored
In order to avoid unexpected traps into EL3/MON mode, this patch resets the debug registers, MDCR_EL3 and MDCR_EL2 for AArch64, and SDCR and HDCR for AArch32. MDCR_EL3/SDCR is zero'ed when EL3/MON mode is entered, at the start of BL1 and BL31/SMP_MIN. For MDCR_EL2/HDCR, this patch zero's the bits that are architecturally UNKNOWN values on reset. This is done when exiting from EL3/MON mode but only on platforms that support EL2/HYP mode but choose to exit to EL1/SVC mode. Fixes ARM-software/tf-issues#430 Change-Id: Idb992232163c072faa08892251b5626ae4c3a5b6 Signed-off-by: David Cunado <david.cunado@arm.com>
-
- 14 Oct, 2016 1 commit
-
-
Soby Mathew authored
The values of CP15BEN, nTWI & nTWE bits in SCTLR_EL1 are architecturally unknown if EL3 is AARCH64 whereas they reset to 1 if EL3 is AArch32. This might be a compatibility break for legacy AArch32 normal world software if these bits are not set to 1 when EL3 is AArch64. This patch enables the CP15BEN, nTWI and nTWE bits in the SCTLR_EL1 if the lower non-secure EL is AArch32. This unifies the SCTLR settings for lower non-secure EL in AArch32 mode for both AArch64 and AArch32 builds of Trusted Firmware. Fixes ARM-software/tf-issues#428 Change-Id: I3152d1580e4869c0ea745c5bd9da765f9c254947 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
-
- 12 Oct, 2016 3 commits
-
-
dp-arm authored
This include provides nothing useful for TF and prevents building the fiptool using musl libc[0]. [0] https://www.musl-libc.org/ Change-Id: Ied35e16b9ea2b40213433f2a8185dddc59077884 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
In order to quantify the overall time spent in the PSCI software implementation, an initial collection of PMF instrumentation points has been added. Instrumentation has been added to the following code paths: - Entry to PSCI SMC handler. The timestamp is captured as early as possible during the runtime exception and stored in memory before entering the PSCI SMC handler. - Exit from PSCI SMC handler. The timestamp is captured after normal return from the PSCI SMC handler or if a low power state was requested it is captured in the bl31 warm boot path before return to normal world. - Entry to low power state. The timestamp is captured before entry to a low power state which implies either standby or power down. As these power states are mutually exclusive, only one timestamp is defined to describe both. It is possible to differentiate between the two power states using the PSCI STAT interface. - Exit from low power state. The timestamp is captured after a standby or power up operation has completed. To calculate the number of cycles spent running code in Trusted Firmware one can perform the following calculation: (exit_psci - enter_psci) - (exit_low_pwr - enter_low_pwr). The resulting number of cycles can be converted to time given the frequency of the counter. Change-Id: Ie3b8f3d16409b6703747093b3a2d5c7429ad0166 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
dp-arm authored
This patch adds ARM SiP service for use by ARM standard platforms. This service is added to support the SMC interface for the Performance measurement framework(PMF). Change-Id: I26f5712f9ab54f5f721dd4781e35a16f40aacc44 Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
-
- 28 Sep, 2016 1 commit
-
-
Yatharth Kochar authored
At present the `el3_entrypoint_common` macro uses `memcpy` function defined in lib/stdlib/mem.c file, to copy data from ROM to RAM for BL1. Depending on the compiler being used the stack could potentially be used, in `memcpy`, for storing the local variables. Since the stack is initialized much later in `el3_entrypoint_common` it may result in unknown behaviour. This patch adds `memcpy4` function definition in assembly so that it can be used before the stack is initialized and it also replaces `memcpy` by `memcpy4` in `el3_entrypoint_common` macro, to copy data from ROM to RAM for BL1. Change-Id: I3357a0e8095f05f71bbbf0b185585d9499bfd5e0
-
- 22 Sep, 2016 2 commits
-
-
Soby Mathew authored
This patch moves the invocation of `psci_setup()` from BL31 and SP_MIN into `std_svc_setup()` as part of ARM Standard Service initialization. This allows us to consolidate ARM Standard Service initializations which will be added to in the future. A new function `get_arm_std_svc_args()` is introduced to get arguments corresponding to each standard service. This function must be implemented by the EL3 Runtime Firmware and both SP_MIN and BL31 implement it. Change-Id: I38e1b644f797fa4089b20574bd4a10f0419de184
-
Soby Mathew authored
This patch introduces a `psci_lib_args_t` structure which must be passed into `psci_setup()` which is then used to initialize the PSCI library. The `psci_lib_args_t` is a versioned structure so as to enable compatibility checks during library initialization. Both BL31 and SP_MIN are modified to use the new structure. SP_MIN is also modified to add version string and build message as part of its cold boot log just like the other BLs in Trusted Firmware. NOTE: Please be aware that this patch modifies the prototype of `psci_setup()`, which breaks compatibility with EL3 Runtime Firmware (excluding BL31 and SP_MIN) integrated with the PSCI Library. Change-Id: Ic3761db0b790760a7ad664d8a437c72ea5edbcd6
-
- 21 Sep, 2016 5 commits
-
-
Yatharth Kochar authored
This patch adds ARM Cortex-A32 MPCore Processor support in the CPU specific operations framework. It also includes this support for the Base FVP port. Change-Id: If3697b88678df737c29f79cf3fa1ea2cb6fa565d
-
Yatharth Kochar authored
This patch adds support in SP_MIN to receive generic and platform specific arguments from BL2. The new signature is as following: void sp_min_early_platform_setup(void *from_bl2, void *plat_params_from_bl2); ARM platforms have been modified to use this support. Note: Platforms may break if using old signature. Default value for RESET_TO_SP_MIN is changed to 0. Change-Id: I008d4b09fd3803c7b6231587ebf02a047bdba8d0
-
Yatharth Kochar authored
This patch adds generic changes in BL1 to support AArch32 state. New AArch32 specific assembly/C files are introduced and some files are moved to AArch32/64 specific folders. BL1 for AArch64 is refactored but functionally identical. BL1 executes in Secure Monitor mode in AArch32 state. NOTE: BL1 in AArch32 state ONLY handles BL1_RUN_IMAGE SMC. Change-Id: I6e2296374c7efbf3cf2aa1a0ce8de0732d8c98a5
-
Yatharth Kochar authored
This patch adds common changes to support AArch32 state in BL1 and BL2. Following are the changes: * Added functions for disabling MMU from Secure state. * Added AArch32 specific SMC function. * Added semihosting support. * Added reporting of unhandled exceptions. * Added uniprocessor stack support. * Added `el3_entrypoint_common` macro that can be shared by BL1 and BL32 (SP_MIN) BL stages. The `el3_entrypoint_common` is similar to the AArch64 counterpart with the main difference in the assembly instructions and the registers that are relevant to AArch32 execution state. * Enabled `LOAD_IMAGE_V2` flag in Makefile for `ARCH=aarch32` and added check to make sure that platform has not overridden to disable it. Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
-
Yatharth Kochar authored
This patch adds changes in ARM platform code to use new version of image loading. Following are the major changes: -Refactor the signatures for bl31_early_platform_setup() and arm_bl31_early_platform_setup() function to use `void *` instead of `bl31_params_t *`. -Introduce `plat_arm_bl2_handle_scp_bl2()` to handle loading of SCP_BL2 image from BL2. -Remove usage of reserve_mem() function from `arm_bl1_early_platform_setup()` -Extract BL32 & BL33 entrypoint info, from the link list passed by BL2, in `arm_bl31_early_platform_setup()` -Provides weak definitions for following platform functions: plat_get_bl_image_load_info plat_get_next_bl_params plat_flush_next_bl_params bl2_plat_handle_post_image_load -Instantiates a descriptor array for ARM platforms describing image and entrypoint information for `SCP_BL2`, `BL31`, `BL32` and `BL33` images. All the above changes are conditionally compiled using the `LOAD_IMAGE_V2` flag. Change-Id: I5e88b9785a3df1a2b2bbbb37d85b8e353ca61049
-
- 20 Sep, 2016 2 commits
-
-
Yatharth Kochar authored
This patch adds changes in BL1 & BL2 to use new version of image loading to load the BL images. Following are the changes in BL1: -Use new version of load_auth_image() to load BL2 -Modified `bl1_init_bl2_mem_layout()` to remove using `reserve_mem()` and to calculate `bl2_mem_layout`. `bl2_mem_layout` calculation now assumes that BL1 RW data is at the top of the bl1_mem_layout, which is more restrictive than the previous BL1 behaviour. Following are the changes in BL2: -The `bl2_main.c` is refactored and all the functions for loading BLxx images are now moved to `bl2_image_load.c` `bl2_main.c` now calls a top level `bl2_load_images()` to load all the images that are applicable in BL2. -Added new file `bl2_image_load_v2.c` that uses new version of image loading to load the BL images in BL2. All the above changes are conditionally compiled using the `LOAD_IMAGE_V2` flag. Change-Id: Ic6dcde5a484495bdc05526d9121c59fa50c1bf23
-
Yatharth Kochar authored
This patch adds capability to load BL images based on image descriptors instead of hard coded way of loading BL images. This framework is designed such that it can be readily adapted by any BL stage that needs to load images. In order to provide the above capability the following new platform functions are introduced: bl_load_info_t *plat_get_bl_image_load_info(void); This function returns pointer to the list of images that the platform has populated to load. bl_params_t *plat_get_next_bl_params(void); This function returns a pointer to the shared memory that the platform has kept aside to pass trusted firmware related information that next BL image needs. void plat_flush_next_bl_params(void); This function flushes to main memory all the params that are passed to next image. int bl2_plat_handle_post_image_load(unsigned int image_id) This function can be used by the platforms to update/use image information for given `image_id`. `desc_image_load.c` contains utility functions which can be used by the platforms to generate, load and executable, image list based on the registered image descriptors. This patch also adds new version of `load_image/load_auth_image` functions in-order to achieve the above capability. Following are the changes for the new version as compared to old: - Refactor the signature and only keep image_id and image_info_t arguments. Removed image_base argument as it is already passed through image_info_t. Given that the BL image base addresses and limit/size are already provided by the platforms, the meminfo_t and entry_point_info arguments are not needed to provide/reserve the extent of free memory for the given BL image. - Added check for the image size against the defined max size. This is needed because the image size could come from an unauthenticated source (e.g. the FIP header). To make this check, new member is added to the image_info_t struct for identifying the image maximum size. New flag `LOAD_IMAGE_V2` is added in the Makefile. Default value is 0. NOTE: `TRUSTED_BOARD_BOOT` is currently not supported when `LOAD_IMAGE_V2` is enabled. Change-Id: Ia7b643f4817a170d5a2fbf479b9bc12e63112e79
-