SDEI: Make dispatches synchronous

SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.

Ho

SDEI: Make dispatches synchronous

SDEI event dispatches currently only sets up the Non-secure context
before returning to the caller. The actual dispatch only happens upon
exiting EL3 next time.

However, for various error handling scenarios, it's beneficial to have
the dispatch happen synchronously. I.e. when receiving SDEI interrupt,
or for a successful sdei_dispatch_event() call, the event handler is
executed; and upon the event completion, dispatcher execution resumes
after the point of dispatch. The jump primitives introduced in the
earlier patch facilitates this feature.

With this patch:

- SDEI interrupts and calls to sdei_dispatch_event prepares the NS
context for event dispatch, then sets a jump point, and immediately
exits EL3. This results in the client handler executing in
Non-secure.

- When the SDEI client completes the dispatched event, the SDEI
dispatcher does a longjmp to the jump pointer created earlier. For
the caller of the sdei_dispatch_event() in particular, this would
appear as if call returned successfully.

The dynamic workaround for CVE_2018_3639 is slightly shifted around as
part of related minor refactoring. It doesn't affect the workaround
functionality.

Documentation updated.

NOTE: This breaks the semantics of the explicit dispatch API, and any
exiting usages should be carefully reviewed.

Change-Id: Ib9c876d27ea2af7fb22de49832e55a0da83da3f9
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

SDEI: Allow platforms to define explicit events

The current macros only allow to define dynamic and statically-bound
SDEI events. However, there ought be a mechanism to define SDEI events
that are e

SDEI: Allow platforms to define explicit events

The current macros only allow to define dynamic and statically-bound
SDEI events. However, there ought be a mechanism to define SDEI events
that are explicitly dispatched; i.e., events that are dispatched as a
result of a previous secure interrupt or other exception

This patch introduces SDEI_EXPLICIT_EVENT() macro to define an explicit
event. They must be placed under private mappings. Only the priority
flags are allowed to be additionally specified.

Documentation updated.

Change-Id: I2e12f5571381195d6234c9dfbd5904608ad41db3
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

Merge pull request #1428 from jeenu-arm/mbedtls

Move to mbedtls-2.10.0 tag

synquacer: Add platform makefile and documentation

Add Makefile and plaform definations file.
My thanks to Daniel Thompson and Ard Biesheuvel for the bits and pieces
I've taken from their earlier wo

synquacer: Add platform makefile and documentation

Add Makefile and plaform definations file.
My thanks to Daniel Thompson and Ard Biesheuvel for the bits and pieces
I've taken from their earlier work regarding build and deploy steps for
Developerbox based on Synquacer SoCs. They deserve much of the credit
for this work although, since I assembled and tested things, any blame
is probably mine.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Tested-by: Daniel Thompson <daniel.thompson@linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

show more ...

Merge pull request #1403 from glneo/for-upstream-k3

TI K3 platform support

Merge pull request #1413 from grandpaul/paulliu-rpi3-0

rpi3: BL32 optee support

ti: k3: Setup initial files for platform

Create the baseline Makefile, platform definitions file and platform
specific assembly macros file. This includes first set of constants
for the platform inc

ti: k3: Setup initial files for platform

Create the baseline Makefile, platform definitions file and platform
specific assembly macros file. This includes first set of constants
for the platform including cache sizes and linker format and a stub for
BL31 and the basic memory layout

K3 SoC family of processors do not use require a BL1 or BL2 binary,
since such functions are provided by an system controller on the SoC.
This lowers the burden of ATF to purely managing the local ARM cores
themselves.

Signed-off-by: Benjamin Fair <b-fair@ti.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Andrew F. Davis <afd@ti.com>

show more ...

Merge pull request #1410 from Anson-Huang/master

Add NXP's i.MX8QX and i.MX8QM SoC support

rpi3: update documentation for OP-TEE support

Describe how to use BL32 build variable to load OP-TEE into FIP.

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>

Merge pull request #1400 from Andre-ARM/allwinner/v1

Allwinner platform support

Support for NXP's i.MX8QM SoC

NXP's i.MX8QM is an ARMv8 SoC with 2 clusters, 2 Cortex-A72
cores in one cluster and 4 Cortex-A53 in the other cluster,
and also has system controller (Cortex-M4) insid

Support for NXP's i.MX8QM SoC

NXP's i.MX8QM is an ARMv8 SoC with 2 clusters, 2 Cortex-A72
cores in one cluster and 4 Cortex-A53 in the other cluster,
and also has system controller (Cortex-M4) inside, documentation
can be found in below link:

https://www.nxp.com/products/processors-and-microcontrollers/
applications-processors/i.mx-applications-processors/i.mx-8-processors:IMX8-SERIES

This patch adds support for booting up SMP linux kernel (v4.9).

Signed-off-by: Anson Huang <Anson.Huang@nxp.com>

show more ...

Support for NXP's i.MX8QX SoC

NXP's i.MX8QX is an ARMv8 SoC with 4 Cortex-A35 cores and
system controller (Cortex-M4) inside, documentation can
be found in below link:

https://www.nxp.com/products/

Support for NXP's i.MX8QX SoC

NXP's i.MX8QX is an ARMv8 SoC with 4 Cortex-A35 cores and
system controller (Cortex-M4) inside, documentation can
be found in below link:

https://www.nxp.com/products/processors-and-microcontrollers/
applications-processors/i.mx-applications-processors/i.mx-8-processors:IMX8-SERIES

This patch adds support for booting up SMP linux kernel (v4.9).

Signed-off-by: Anson Huang <Anson.Huang@nxp.com>

show more ...

Move to mbedtls-2.10.0 tag

To build with the new release, we pick couple of more files from mbedTLS
library.

Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b
Signed-off-by: Jeenu Viswambharan <

Move to mbedtls-2.10.0 tag

To build with the new release, we pick couple of more files from mbedTLS
library.

Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

allwinner: Add Allwinner A64 support

The Allwinner A64 SoC is quite popular on single board computers.
It comes with four Cortex-A53 cores in a singe cluster and the usual
peripherals for set-top bo

allwinner: Add Allwinner A64 support

The Allwinner A64 SoC is quite popular on single board computers.
It comes with four Cortex-A53 cores in a singe cluster and the usual
peripherals for set-top box/tablet SoC.

The ATF platform target is called "sun50i_a64".

[Andre: adapted to amended directory layout, removed unneeded definitions ]

Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge pull request #1414 from antonio-nino-diaz-arm/an/fix-rpi3-doc

rpi3: Fix kernel boot documentation

Correct ordering of log levels in documentation

Changed the ordering of the log levels in the documentation to
mate the code

Change-Id: Ief1930b73d833fdf675b039c98046591c0c264c1
Signed-off-by: Dani

Correct ordering of log levels in documentation

Changed the ordering of the log levels in the documentation to
mate the code

Change-Id: Ief1930b73d833fdf675b039c98046591c0c264c1
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

rpi3: Fix kernel boot documentation

The order of the arguments of memmap was swapped. The old command was
reserving 256 MiB from the 16 MiB barrier, it should be reserving only
16 MiB at the 256 MiB

rpi3: Fix kernel boot documentation

The order of the arguments of memmap was swapped. The old command was
reserving 256 MiB from the 16 MiB barrier, it should be reserving only
16 MiB at the 256 MiB barrier.

It worked because the memory used by the Trusted Firmware was reserved
anyway.

Change-Id: I3fefcfc0105ecf05ba5606517bc3236f4eb24ceb
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Adjust BL2_AT_EL3 memory layout

For the BL2_AT_EL3 configuration, move BL2 higher up to make more
space for BL31. Adjust the BL31 limit to be up to BL2 base. This is
because BL2 is always resident

Adjust BL2_AT_EL3 memory layout

For the BL2_AT_EL3 configuration, move BL2 higher up to make more
space for BL31. Adjust the BL31 limit to be up to BL2 base. This is
because BL2 is always resident for the BL2_AT_EL3 configuration and
thus we cannot overlay it with BL31.

Change-Id: I71e89863ed48f5159e8b619f49c7c73b253397aa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1404 from soby-mathew/sm/bl_layout_change

ARM platforms: Change memory layout and update documentation

docs: Firmware design update for BL memory layout

This patch updates the firmware design guide for the BL memory
layout change on ARM platforms.

Change-Id: Icbfe7249484bb8b4ba3c94421172d42f27605c52

docs: Firmware design update for BL memory layout

This patch updates the firmware design guide for the BL memory
layout change on ARM platforms.

Change-Id: Icbfe7249484bb8b4ba3c94421172d42f27605c52
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

ARM platforms: Move BL31 below BL2 to enable BL2 overlay

The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expe

ARM platforms: Move BL31 below BL2 to enable BL2 overlay

The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expectation that BL2 memory would be reclaimed by BL32
loaded in SRAM. But with increasing memory requirements in the
firmware, we can no longer fit BL32 in SRAM anymore which means the
BL2 memory is not reclaimed by any runtime image. Positioning BL2
below BL1-RW and above BL31 means that the BL31 NOBITS can be
overlaid on BL2 and BL1-RW.

This patch also propogates the same memory layout to BL32 for AArch32
mode. The reset addresses for the following configurations are also
changed :
* When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
* When BL2_AT_EL3=1 for BL2

The restriction on BL31 to be only in DRAM when SPM is enabled
is now removed with this change. The update to the firmware design
guide for the BL memory layout is done in the following patch.

Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge pull request #1392 from dp-arm/dp/cve_2018_3639

Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75

Merge pull request #1395 from antonio-nino-diaz-arm/an/spm-refactor

SPM: Refactor codebase

plat/arm: SPM: Force BL31 to DRAM when SPM is used

BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
mo

plat/arm: SPM: Force BL31 to DRAM when SPM is used

BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
move BL31 to DRAM if SPM is enabled.

Secure Partition Manager design document updated to reflect the changes.

Increased the size of the stack of BL31 for builds with SPM.

The translation tables used by SPM in Arm platforms have been moved back
to the 'xlat_tables' region instead of 'arm_el3_tzc_dram'. Everything is
in DRAM now, so it doesn't make sense to treat them in a different way.

Change-Id: Ia6136c8e108b8da9edd90e9d72763dada5e5e5dc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.

It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.

NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.

Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...