Detect SCP version incompatibility

There has been a breaking change in the communication protocols used
between the AP cores and the SCP on CSS based platforms like Juno.
This means both the AP Trus

Detect SCP version incompatibility

There has been a breaking change in the communication protocols used
between the AP cores and the SCP on CSS based platforms like Juno.
This means both the AP Trusted Firmware and SCP firmware must be
updated at the same time.

In case the user forgets to update the SCP ROM firmware, this patch
detects when it still uses the previous version of the communication
protocol. It will then output a comprehensive error message that helps
trouble-shoot the issue.

Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2

show more ...

Doc updates following platform port reorganization

Update the User Guide, Porting Guide and Firmware Design documents
to align them with the recent changes made to the FVP and Juno
platform ports.

Doc updates following platform port reorganization

Update the User Guide, Porting Guide and Firmware Design documents
to align them with the recent changes made to the FVP and Juno
platform ports.

Also fix some other historical inaccuracies.

Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176

show more ...

Merge pull request #280 from vwadekar/tlkd-fixed-v3

TLK dispatcher

TLK-D documentation and add NVIDIA to the Acknowledgements file

Include TLK Dispatcher's documentation and add NVIDIA to the
Acknowledgements file. TLK is now a supported Trusted OS with
the Trusted

TLK-D documentation and add NVIDIA to the Acknowledgements file

Include TLK Dispatcher's documentation and add NVIDIA to the
Acknowledgements file. TLK is now a supported Trusted OS with
the Trusted Firmware.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Merge pull request #269 from vikramkanigiri/vk/common-cci

Common driver for ARM cache coherent Interconnects

Merge pull request #267 from sandrine-bailleux/sb/doc-fixes

Documentation fixes in 'make help' message and User Guide

Common driver for ARM Cache Coherent Interconnects

Even though both CCI-400 and CCI-500 IPs have different configurations
with respect to the number and types of supported interfaces, their
register

Common driver for ARM Cache Coherent Interconnects

Even though both CCI-400 and CCI-500 IPs have different configurations
with respect to the number and types of supported interfaces, their
register offsets and programming sequences are similar. This patch
creates a common driver for enabling and disabling snoop transactions
and DVMs with both the IPs.

New platform ports which implement one of these IPs should use this
common driver. Existing platform ports which implement CCI-400 should
migrate to the common driver as the standalone CCI-400 will be
deprecated in the future.

Change-Id: I3ccd0eb7b062922d2e4a374ff8c21e79fa357556

show more ...

User guide: Add dependency on libssl-dev for cert_create tool

The 'libssl-dev' package must be installed on the host to build the
certificate generation tool. This patch adds it to the list of
requi

User guide: Add dependency on libssl-dev for cert_create tool

The 'libssl-dev' package must be installed on the host to build the
certificate generation tool. This patch adds it to the list of
required tools in the User Guide.

Change-Id: I018381fb14b7c2d2bd6f2b7929aaad0571f7eb2e

show more ...

TBB: use SHA256 to generate the certificate signatures

This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
certificate signatures are generated according to the NSA Suite B
cryptographi

TBB: use SHA256 to generate the certificate signatures

This patch replaces SHA1 by SHA256 in the 'cert_create' tool, so
certificate signatures are generated according to the NSA Suite B
cryptographic algorithm requirements.

Documentation updated accordingly.

Change-Id: I7be79e6b2b62dac8dc78a4f4f5006e37686bccf6

show more ...

Export maximum affinity using PLATFORM_MAX_AFFLVL macro

This patch removes the plat_get_max_afflvl() platform API
and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
This is done beca

Export maximum affinity using PLATFORM_MAX_AFFLVL macro

This patch removes the plat_get_max_afflvl() platform API
and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
This is done because the maximum affinity level for a platform
is a static value and it is more efficient for it to be defined
as a platform macro.

NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT

Fixes ARM-Software/tf-issues#265

Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf

show more ...

Fix model command line for legacy VE memory map

The command line options specified in the User Guide to run the AEMv8 Base FVP
with the legacy VE memory map apply only when the model is configured t

Fix model command line for legacy VE memory map

The command line options specified in the User Guide to run the AEMv8 Base FVP
with the legacy VE memory map apply only when the model is configured to use GIC
v2.0. This patch adds the 'gicv3.gicv2-only=1' to the command line to ensure
that the right version of GIC is used.

Change-Id: I34c44e19fd42c29818b734ac8f6aa9bf97b4e891

show more ...

Merge pull request #254 from achingupta/ag/v1.1-doc-updates

Documentation for version 1.1

TBB: Add documentation for Trusted Board Boot

This patch updates the user-guide.md with the various build options related to
Trusted Board Boot and steps to build a FIP image which includes this
sup

TBB: Add documentation for Trusted Board Boot

This patch updates the user-guide.md with the various build options related to
Trusted Board Boot and steps to build a FIP image which includes this
support. It also adds a trusted-board-boot.md which describes the scope and
design of this feature.

Change-Id: Ifb421268ebf7e06a135684c8ebb04c94835ce061

show more ...

Documentation for version 1.1

Final updates to readme.md and change-log.md for ARM Trusted Firmware version
1.1. Also increment the version in the Makefile.

Change-Id: Ib001a6ec9a9c570985841d06f0ff

Documentation for version 1.1

Final updates to readme.md and change-log.md for ARM Trusted Firmware version
1.1. Also increment the version in the Makefile.

Change-Id: Ib001a6ec9a9c570985841d06f0ff80ed76c2996b

show more ...

Merge pull request #253 from danh-arm/dh/deps-for-v1.1

Move up dependency versions in user guide

Move up dependency versions in user guide

Move up the version numbers in the user guide of:

* DS-5 (to v5.20)
* EDK2 (to v2.1-rc0)
* Linux Kernel (to 1.3-Juno)
* Linaro file-system (to 14.12)
* Jun

Move up dependency versions in user guide

Move up the version numbers in the user guide of:

* DS-5 (to v5.20)
* EDK2 (to v2.1-rc0)
* Linux Kernel (to 1.3-Juno)
* Linaro file-system (to 14.12)
* Juno SCP binary (to 1.5.0-rc0 within board recovery image 0.10.1).
Also remove duplicate information that is available from the
ARM Connected Community website.
* Base FVP (to 6.2)
* Foundation FVP (to 9.1). Also update the name of the Foundation
FVP binary since it has changed since version 2.1.

Co-Authored-By: Dan Handley <dan.handley@arm.com>

Change-Id: I1cf2f2b1a3f1b997ac905a4ab440876d265698c0

show more ...

Miscellaneous doc fixes for v1.1

Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9

Fix the Cortex-A57 reset handler register usage

The CPU specific reset handlers no longer have the freedom
of using any general purpose register because it is being invoked
by the BL3-1 entry point

Fix the Cortex-A57 reset handler register usage

The CPU specific reset handlers no longer have the freedom
of using any general purpose register because it is being invoked
by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU
specific reset handler was overwriting x20 register which was being
used by the BL3-1 entry point to save the entry point information.
This patch fixes this bug by reworking the register allocation in the
Cortex-A57 reset handler to avoid using x20. The patch also
explicitly mentions the register clobber list for each of the
callee functions invoked by the reset handler

Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df

show more ...

TBB: add a platform specific function to validate the ROTPK

This patch adds the function plat_match_rotpk() to the platform
porting layer to provide a Root Of Trust Public key (ROTPK)
verification m

TBB: add a platform specific function to validate the ROTPK

This patch adds the function plat_match_rotpk() to the platform
porting layer to provide a Root Of Trust Public key (ROTPK)
verification mechanism. This function is called during the
Trusted Board Boot process and receives a supposed valid copy
of the ROTPK as a parameter, usually obtained from an external
source (for instance, a certificate). It returns 0 (success) if
that key matches the actual ROTPK stored in the system or any
other value otherwise.

The mechanism to access the actual ROTPK stored in the system
is platform specific and should be implemented as part of this
function. The format of the ROTPK is also platform specific
(to save memory, some platforms might store a hash of the key
instead of the whole key).

TRUSTED_BOARD_BOOT build option has been added to allow the user
to enable the Trusted Board Boot features. The implementation of
the plat_match_rotpk() funtion is mandatory when Trusted Board
Boot is enabled.

For development purposes, FVP and Juno ports provide a dummy
function that returns always success (valid key). A safe trusted
boot implementation should provide a proper matching function.

Documentation updated accordingly.

Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3

show more ...

Merge pull request #248 from jcastillo-arm/jc/tf-issues/212_1

Allow BL3-2 to be loaded into the secure region of DRAM

Call reset handlers upon BL3-1 entry.

This patch adds support to call the reset_handler() function in BL3-1 in the
cold and warm boot paths when another Boot ROM reset_handler() has already run.

Th

Call reset handlers upon BL3-1 entry.

This patch adds support to call the reset_handler() function in BL3-1 in the
cold and warm boot paths when another Boot ROM reset_handler() has already run.

This means the BL1 and BL3-1 versions of the CPU and platform specific reset
handlers may execute different code to each other. This enables a developer to
perform additional actions or undo actions already performed during the first
call of the reset handlers e.g. apply additional errata workarounds.

Typically, the reset handler will be first called from the BL1 Boot ROM. Any
additional functionality can be added to the reset handler when it is called
from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
to identify whether this is the first version of the reset handler code to be
executed or an overridden version of the code.

The Cortex-A57 errata workarounds are applied only if they have not already been
applied.

Fixes ARM-software/tf-issue#275

Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053

show more ...

Demonstrate model for routing IRQs to EL3

This patch provides an option to specify a interrupt routing model
where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
When such an inter

Demonstrate model for routing IRQs to EL3

This patch provides an option to specify a interrupt routing model
where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
When such an interrupt occurs, the TSPD arranges a return to
the normal world after saving any necessary context. The interrupt
routing model to route IRQs to EL3 is enabled only during STD SMC
processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
and Secure Interrupt processing.

A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
the non secure interrupt target execution level to EL3.

Fixes ARM-software/tf-issues#225

Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32

show more ...

Increment the PSCI VERSION to 1.0

This patch:

* Bumps the PSCI VERSION to 1.0. This means that
the PSCI_VERSION API will now return the value 0x00010000
to indicate the version as 1.0.

Increment the PSCI VERSION to 1.0

This patch:

* Bumps the PSCI VERSION to 1.0. This means that
the PSCI_VERSION API will now return the value 0x00010000
to indicate the version as 1.0. The firmware remains
compatible with PSCI v0.2 clients.

* The firmware design guide is updated to document the
APIs supported by the Trusted Firmware generic code.

* The FVP Device Tree Sources (dts) and Blobs(dtb) are also
updated to add "psci-1.0" and "psci-0.2" to the list of
compatible PSCI versions.

Change-Id: Iafc2f549c92651dcd65d7e24a8aae35790d00f8a

show more ...

FVP: Allow BL3-2 to sit in the secure region of DRAM

This patch allows the secure payload (BL3-2) to be loaded in the
DRAM region secured by the TrustZone controller (top 16 MB of DRAM1).

The locat

FVP: Allow BL3-2 to sit in the secure region of DRAM

This patch allows the secure payload (BL3-2) to be loaded in the
DRAM region secured by the TrustZone controller (top 16 MB of DRAM1).

The location of BL3-2 can be selected at build time by setting the
build flag FVP_TSP_RAM_LOCATION to one of the following options:

- 'tsram' : Trusted SRAM (this is the default option)
- 'tdram' : Trusted DRAM
- 'dram' : Secure region in DRAM1 (top 16MB configured by the
TrustZone controller)

The number of MMU tables in BL3-2 depends on its location in
memory: 3 in case it is loaded in DRAM, 2 otherwise.

Documentation updated accordingly.

Fixes ARM-software/tf-issues#212

Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a

show more ...

Validate power_state and entrypoint when executing PSCI calls

This patch allows the platform to validate the power_state and
entrypoint information from the normal world early on in PSCI
calls so th

Validate power_state and entrypoint when executing PSCI calls

This patch allows the platform to validate the power_state and
entrypoint information from the normal world early on in PSCI
calls so that we can return the error safely. New optional
pm_ops hooks `validate_power_state` and `validate_ns_entrypoint`
are introduced to do this.

As a result of these changes, all the other pm_ops handlers except
the PSCI_ON handler are expected to be successful. Also, the PSCI
implementation will now assert if a PSCI API is invoked without the
corresponding pm_ops handler being registered by the platform.

NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The
pm hooks have 2 additional optional callbacks and the return type
of the other hooks have changed.

Fixes ARM-Software/tf-issues#229

Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc

show more ...