GitLab

Instead of having one big file with all the code, it's better to have
a few smaller files that are more manageable:

- xlat_tables_core.c: Code related to the core functionality of the
  library (map and unmap regions, initialize xlat context).
- xlat_tables_context.c: Instantiation of the active image context
  as well as APIs to manipulate it.
- xlat_tables_utils.c: Helper code that isn't part of the core
  functionality (change attributes, debug print messages).

Change-Id: I3ea956fc1afd7473c0bb5e7c6aab3b2e5d88c711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

make_cert: return error when invalid options are used

Couple of fixups for K3 platform

To wake a core from wfi interrupts must be enabled, in some cases they
may not be and so we can lock up here. Unconditionally enable interrupts
before wfi and then restore interrupt state.
Signed-off-by: Andrew F. Davis <afd@ti.com>

Actions may need to be taken by the last core when all clusters
have been shutdown. Add a top level root domain node to coordinate
this between clusters.
Signed-off-by: Andrew F. Davis <afd@ti.com>

maintainers: Modify format of file

The previous format was not very practical and hard to parse by
scripts. The current format is easier as it uses more tokens that can be
identified by scripts, while maintaining a reasonably good result when
it is rendered.

Some maintainers maintain more than one subsystem but they were all
part of the same entry. In cases like this the entry has been split
into two to clarify what file belongs to which subsystem.

The list of maintainers of the Trusted Firmware has been updated.

Change-Id: I4be2d527c5171e8d2d86fb49e45e1d9dbcbd2d80
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Enable MMU without stack for xlat v2/DynamIQ

Previously, data caches were disabled while enabling MMU only because of
active stack. Now that we can enable MMU without using stack, we can
enable both MMU and data caches at the same time.

Change-Id: I73f3b8bae5178610e17e9ad06f81f8f6f97734a6
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

Having an active stack while enabling MMU has shown coherency problems.
This patch builds on top of translation library changes that introduces
MMU-enabling without using stacks.

Previously, with HW_ASSISTED_COHERENCY, data caches were disabled while
enabling MMU only because of active stack. Now that we can enable MMU
without using stack, we can enable both MMU and data caches at the same
time.

NOTE: Since this feature depends on using translation table library v2,
disallow using translation table library v1 with HW_ASSISTED_COHERENCY.

Fixes ARM-software/tf-issues#566

Change-Id: Ie55aba0c23ee9c5109eb3454cb8fa45d74f8bbb2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

An earlier patch split MMU-enabling function for translation library v2.
Although we don't intend to introduce the exact same functionality for
xlat v1, this patch introduces stubs for directly enabling MMU to
maintain API-compatibility.

Change-Id: Id7d56e124c80af71de999fcda10f1734b50bca97
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

At present, the function provided by the translation library to enable
MMU constructs appropriate values for translation library, and programs
them to the right registers. The construction of initial values,
however, is only required once as both the primary and secondaries
program the same values.

Additionally, the MMU-enabling function is written in C, which means
there's an active stack at the time of enabling MMU. On some systems,
like Arm DynamIQ, having active stack while enabling MMU during warm
boot might lead to coherency problems.

This patch addresses both the above problems by:

  - Splitting the MMU-enabling function into two: one that sets up
    values to be programmed into the registers, and another one that
    takes the pre-computed values and writes to the appropriate
    registers. With this, the primary effectively calls both functions
    to have the MMU enabled, but secondaries only need to call the
    latter.

  - Rewriting the function that enables MMU in assembly so that it
    doesn't use stack.

This patch fixes a bunch of MISRA issues on the way.

Change-Id: I0faca97263a970ffe765f0e731a1417e43fbfc45
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

ARM platforms: Initialize cntfrq for BL1 Firmware update

Document ep_info attribute flags

Print_help was used in different contexts and returning no
error in that function was hiding the error when incorrect
options were used.

Change-Id: Ic3f71748be7ff8440c9d54810b986e9f177f4439
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

The meaning of them wasn't clear in the header file, it was needed to
search the code for the places where they are used.

Add parentheses to macros in the same header.

Change-Id: I700bc0fd75ccfc0a34f439cb3b2692861bb73b9b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Currenly the CNTFRQ register and system timer is initialized in BL31 for
use by the normal world. During firmware update, the NS-BL1 or NS-BL2U
may need to access the system timer. Hence this patch duplicates the
CNTFRQ and system timer initialization in BL1 as well.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I1ede78b4ae64080fb418cb93f3e48b26d7b724dc

Set FVP DYN_DISABLE_AUTH authentication default to 0

Set the ability to dynamically disable Trusted Boot Board
authentication to be off by default

Change-Id: Ibd2aa179179f7d9b0e7731c6e450f200a8c67529
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

npoushin/sgi575 coverity fixes

maintainers.rst: separate maintainership of uniphier and synquacer

In the case of the platform max power level being less than the system
power level, make sure to not overrun the array of power states.

This fixes Coverity Scan OVERRUN defect CID 267021.

Change-Id: I52646ab9be2fceeb5c331b5dad7a6267991f4197
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>

This is to fix a number of Coverity Scan DEADCODE defects, CID numbers
listed below, as reported from
https://scan.coverity.com/projects/arm-software-arm-trusted-firmware



CID 267023
CID 267022
CID 267020

Change-Id: I2963a799b210149e84ccab5c5b9082267ddfe337
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>

Socionext has multiple product lines.  The UniPhier is not the only
platform any more.  Correct the maintainership.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Move mem-protect definitions to board specific files

Fix typos in documentation

Make TF UUID RFC 4122 compliant

In the porting guide, there are blue boxes that describe the argument
types and the return type of each function.  A small typo caused some of
these boxes not being properly rendered.

In the user guide, small typos were fixed that caused random text being
unintentionally rendered as bold.  Also, a slight rewording was done in
the section describing the DYN_DISABLE_AUTH flag.

Change-Id: I57303ca609436a82162fa9b42c06b0d5a63da6df
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

SDEI client EL determination fix

The function end_sdei_explicit_dispatch() was intended to be
end_sdei_synchronous_dispatch() which does the opposite of
begin_sdei_synchronous_dispatch(). This patch fixes that.

No functional changes.

Change-Id: I141bd91eb342ecf4ddfd05b49513eee4549e7a56
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

commit 2ccfcb2e

 ("SDEI: Determine client
EL from NS context's SCR_EL3") intended to read from SCR_EL3, but
wrongly read from SPSR_EL3 instead. This patch fixes that.

Change-Id: I8ffea39cc98ef59cb8e7a4c6ef4cb12011c58536
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

SDEI: Fix dispatch bug

The Commit cdb6ac94

 introduced a bug
because of which the SDEI dispatcher wrongly panic when an SDEI event
dispatched earlier as a result of interrupt. This patch fixes the check
for a bound interrupt.

Change-Id: If55c8f0422ff781731248bbbc9c1b59fa0d3c4b0
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

SDEI dispatch changes to enable RAS use cases

xlat: Remove mmap_attr_t enum type

Add support for Socionext Synquacer SC2A11 SoC based Developerbox platform.

The values defined in this type are used in logical operations, which
goes against MISRA Rule 10.1: "Operands shall not be of an inappropriate
essential type".

Now, `unsigned int` is used instead. This also allows us to move the
dynamic mapping bit from 30 to 31. It was an undefined behaviour in the
past because an enum is signed by default, and bit 31 corresponds to the
sign bit. It is undefined behaviour to modify the sign bit. Now, bit 31
is free to use as it was originally meant to be.

mmap_attr_t is now defined as an `unsigned int` for backwards
compatibility.

Change-Id: I6b31218c14b9c7fdabebe432de7fae6e90a97f34
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

SPM: Allow entering the SP without needing a SMC

The file arm_ras.c intended to provide common platform-specific RAS
configuration for Arm platforms. Because this file has symbol
definitions, it's proving difficult to provide a common definition.

This patch therefore renames and makes the file specific to FVP. Other
platforms shall provide their own configuration in similar fashion.

Change-Id: I766fd238946e3e49cdb659680e1b45f41b237901
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.

However, for various error handling scenarios, it's beneficial to have
the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
or for a successful sdei_dispatch_event() call, the event handler is
executed; and upon the event completion, dispatcher execution resumes
after the point of dispatch. The jump primitives introduced in the
earlier patch facilitates this feature.

With this patch:

  - SDEI interrupts and calls to sdei_dispatch_event prepares the NS
    context for event dispatch, then sets a jump point, and immediately
    exits EL3. This results in the client handler executing in
    Non-secure.

  - When the SDEI client completes the dispatched event, the SDEI
    dispatcher does a longjmp to the jump pointer created earlier. For
    the caller of the sdei_dispatch_event() in particular, this would
    appear as if call returned successfully.

The dynamic workaround for CVE_2018_3639 is slightly shifted around as
part of related minor refactoring. It doesn't affect the workaround
functionality.

Documentation updated.

NOTE: This breaks the semantics of the explicit dispatch API, and any
exiting usages should be carefully reviewed.

Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>