rpi3: update documentation for OP-TEE support

Describe how to use BL32 build variable to load OP-TEE into FIP.

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>

Merge pull request #1400 from Andre-ARM/allwinner/v1

Allwinner platform support

Support for NXP's i.MX8QM SoC

NXP's i.MX8QM is an ARMv8 SoC with 2 clusters, 2 Cortex-A72
cores in one cluster and 4 Cortex-A53 in the other cluster,
and also has system controller (Cortex-M4) insid

Support for NXP's i.MX8QM SoC

NXP's i.MX8QM is an ARMv8 SoC with 2 clusters, 2 Cortex-A72
cores in one cluster and 4 Cortex-A53 in the other cluster,
and also has system controller (Cortex-M4) inside, documentation
can be found in below link:

https://www.nxp.com/products/processors-and-microcontrollers/
applications-processors/i.mx-applications-processors/i.mx-8-processors:IMX8-SERIES

This patch adds support for booting up SMP linux kernel (v4.9).

Signed-off-by: Anson Huang <Anson.Huang@nxp.com>

show more ...

Support for NXP's i.MX8QX SoC

NXP's i.MX8QX is an ARMv8 SoC with 4 Cortex-A35 cores and
system controller (Cortex-M4) inside, documentation can
be found in below link:

https://www.nxp.com/products/

Support for NXP's i.MX8QX SoC

NXP's i.MX8QX is an ARMv8 SoC with 4 Cortex-A35 cores and
system controller (Cortex-M4) inside, documentation can
be found in below link:

https://www.nxp.com/products/processors-and-microcontrollers/
applications-processors/i.mx-applications-processors/i.mx-8-processors:IMX8-SERIES

This patch adds support for booting up SMP linux kernel (v4.9).

Signed-off-by: Anson Huang <Anson.Huang@nxp.com>

show more ...

Move to mbedtls-2.10.0 tag

To build with the new release, we pick couple of more files from mbedTLS
library.

Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b
Signed-off-by: Jeenu Viswambharan <

Move to mbedtls-2.10.0 tag

To build with the new release, we pick couple of more files from mbedTLS
library.

Change-Id: I77dfe5723284cb26d4e5c717fb0e6f6dd803cb6b
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

allwinner: Add Allwinner A64 support

The Allwinner A64 SoC is quite popular on single board computers.
It comes with four Cortex-A53 cores in a singe cluster and the usual
peripherals for set-top bo

allwinner: Add Allwinner A64 support

The Allwinner A64 SoC is quite popular on single board computers.
It comes with four Cortex-A53 cores in a singe cluster and the usual
peripherals for set-top box/tablet SoC.

The ATF platform target is called "sun50i_a64".

[Andre: adapted to amended directory layout, removed unneeded definitions ]

Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge pull request #1414 from antonio-nino-diaz-arm/an/fix-rpi3-doc

rpi3: Fix kernel boot documentation

Correct ordering of log levels in documentation

Changed the ordering of the log levels in the documentation to
mate the code

Change-Id: Ief1930b73d833fdf675b039c98046591c0c264c1
Signed-off-by: Dani

Correct ordering of log levels in documentation

Changed the ordering of the log levels in the documentation to
mate the code

Change-Id: Ief1930b73d833fdf675b039c98046591c0c264c1
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

show more ...

rpi3: Fix kernel boot documentation

The order of the arguments of memmap was swapped. The old command was
reserving 256 MiB from the 16 MiB barrier, it should be reserving only
16 MiB at the 256 MiB

rpi3: Fix kernel boot documentation

The order of the arguments of memmap was swapped. The old command was
reserving 256 MiB from the 16 MiB barrier, it should be reserving only
16 MiB at the 256 MiB barrier.

It worked because the memory used by the Trusted Firmware was reserved
anyway.

Change-Id: I3fefcfc0105ecf05ba5606517bc3236f4eb24ceb
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Adjust BL2_AT_EL3 memory layout

For the BL2_AT_EL3 configuration, move BL2 higher up to make more
space for BL31. Adjust the BL31 limit to be up to BL2 base. This is
because BL2 is always resident

Adjust BL2_AT_EL3 memory layout

For the BL2_AT_EL3 configuration, move BL2 higher up to make more
space for BL31. Adjust the BL31 limit to be up to BL2 base. This is
because BL2 is always resident for the BL2_AT_EL3 configuration and
thus we cannot overlay it with BL31.

Change-Id: I71e89863ed48f5159e8b619f49c7c73b253397aa
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1404 from soby-mathew/sm/bl_layout_change

ARM platforms: Change memory layout and update documentation

docs: Firmware design update for BL memory layout

This patch updates the firmware design guide for the BL memory
layout change on ARM platforms.

Change-Id: Icbfe7249484bb8b4ba3c94421172d42f27605c52

docs: Firmware design update for BL memory layout

This patch updates the firmware design guide for the BL memory
layout change on ARM platforms.

Change-Id: Icbfe7249484bb8b4ba3c94421172d42f27605c52
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

ARM platforms: Move BL31 below BL2 to enable BL2 overlay

The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expe

ARM platforms: Move BL31 below BL2 to enable BL2 overlay

The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expectation that BL2 memory would be reclaimed by BL32
loaded in SRAM. But with increasing memory requirements in the
firmware, we can no longer fit BL32 in SRAM anymore which means the
BL2 memory is not reclaimed by any runtime image. Positioning BL2
below BL1-RW and above BL31 means that the BL31 NOBITS can be
overlaid on BL2 and BL1-RW.

This patch also propogates the same memory layout to BL32 for AArch32
mode. The reset addresses for the following configurations are also
changed :
* When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
* When BL2_AT_EL3=1 for BL2

The restriction on BL31 to be only in DRAM when SPM is enabled
is now removed with this change. The update to the firmware design
guide for the BL memory layout is done in the following patch.

Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge pull request #1392 from dp-arm/dp/cve_2018_3639

Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75

Merge pull request #1395 from antonio-nino-diaz-arm/an/spm-refactor

SPM: Refactor codebase

plat/arm: SPM: Force BL31 to DRAM when SPM is used

BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
mo

plat/arm: SPM: Force BL31 to DRAM when SPM is used

BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
move BL31 to DRAM if SPM is enabled.

Secure Partition Manager design document updated to reflect the changes.

Increased the size of the stack of BL31 for builds with SPM.

The translation tables used by SPM in Arm platforms have been moved back
to the 'xlat_tables' region instead of 'arm_el3_tzc_dram'. Everything is
in DRAM now, so it doesn't make sense to treat them in a different way.

Change-Id: Ia6136c8e108b8da9edd90e9d72763dada5e5e5dc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in

Add support for dynamic mitigation for CVE-2018-3639

Some CPUS may benefit from using a dynamic mitigation approach for
CVE-2018-3639. A new SMC interface is defined to allow software
executing in lower ELs to enable or disable the mitigation for their
execution context.

It should be noted that regardless of the state of the mitigation for
lower ELs, code executing in EL3 is always mitigated against
CVE-2018-3639.

NOTE: This change is a compatibility break for any platform using
the declare_cpu_ops_workaround_cve_2017_5715 macro. Migrate to
the declare_cpu_ops_wa macro instead.

Change-Id: I3509a9337ad217bbd96de9f380c4ff8bf7917013
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Implement static workaround for CVE-2018-3639

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mit

Implement static workaround for CVE-2018-3639

For affected CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.

This approach permanently mitigates the entire software stack and no
additional mitigation code is required in other software components.

TF-A implements this approach for the following affected CPUs:

* Cortex-A57 and Cortex-A72, by setting bit 55 (Disable load pass store) of
`CPUACTLR_EL1` (`S3_1_C15_C2_0`).

* Cortex-A73, by setting bit 3 of `S3_0_C15_C0_0` (not documented in the
Technical Reference Manual (TRM)).

* Cortex-A75, by setting bit 35 (reserved in TRM) of `CPUACTLR_EL1`
(`S3_0_C15_C1_0`).

Additionally, a new SMC interface is implemented to allow software
executing in lower ELs to discover whether the system is mitigated
against CVE-2018-3639.

Refer to "Firmware interfaces for mitigating cache speculation
vulnerabilities System Software on Arm Systems"[0] for more
information.

[0] https://developer.arm.com/cache-speculation-vulnerability-firmware-specification

Change-Id: I084aa7c3bc7c26bf2df2248301270f77bed22ceb
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1386 from soby-mathew/sm/dyn_bl31

Extend dynamic configuration

Docs: Update user guide for Dynamic Config on FVP

From TF-A v1.5, FVP supports loading the kernel FDT through
firmware as part of dynamic configuration feature. This means
that the FDT no longer nee

Docs: Update user guide for Dynamic Config on FVP

From TF-A v1.5, FVP supports loading the kernel FDT through
firmware as part of dynamic configuration feature. This means
that the FDT no longer needs to be loaded via Model parameters.
This patch updates the user guide to reflect the same.

Change-Id: I79833beeaae44a1564f6512c3a473625e5959f65
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Allow disabling authentication dynamically

This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build

Allow disabling authentication dynamically

This patch allows platforms to dynamically disable authentication of
images during cold boot. This capability is controlled via the
DYN_DISABLE_AUTH build flag and is only meant for development
purposes.

Change-Id: Ia3df8f898824319bb76d5cc855b5ad6c3d227260
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge pull request #1382 from sandrine-bailleux-arm/topics/sb/fix-doc

Fix doc for bl31_plat_get_next_image_ep_info()

Merge pull request #1381 from antonio-nino-diaz-arm/an/kernel-boot

plat/arm: Introduce ARM_LINUX_KERNEL_AS_BL33 build option

Fix doc for bl31_plat_get_next_image_ep_info()

In the porting guide, fix the function name and the argument type to
reflect the code.

Change-Id: Iac8d69af403194de5586bc0d5890da531e3c8da2
Signed-off

Fix doc for bl31_plat_get_next_image_ep_info()

In the porting guide, fix the function name and the argument type to
reflect the code.

Change-Id: Iac8d69af403194de5586bc0d5890da531e3c8da2
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Replace bootwrapped kernel instructions from User Guide

The instructions to boot the bootwrapped kernel were outdated.

Also, the bootwrapped kernel boot flow isn't really useful. It was meant
to be

Replace bootwrapped kernel instructions from User Guide

The instructions to boot the bootwrapped kernel were outdated.

Also, the bootwrapped kernel boot flow isn't really useful. It was meant
to be a replacement for the Trusted Firmware-A, not to be used as the next
step during boot.

The instructions have been removed in favour of the new build option
ARM_LINUX_KERNEL_AS_BL33. This new system directly boots the Linux
kernel from BL31, and requires RESET_TO_BL31 to be 1. Also, the kernel
has to be preloaded in memory, so PRELOADED_BL33_BASE has to be set to its
address. This way, the runtime services of the Trusted Firmware-A are
available for the kernel in the least possible amount of time.

This new system requires the DTB to be patched so that the kernel knows
where the ramdisk is. A short script to add this information to the DTB
has been added to the User Guide. The information related to it can be
found in the following file in the Linux kernel tree:
``Documentation/devicetree/bindings/chosen.txt``

Change-Id: Ide135580959e09f6aa8e4425f37ea55d97439178
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...