Merge "refactor(console): disable getc() by default" into integration

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.

Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.

This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.

The following changes are introduced when getc() is disabled:

- The multi-console framework no longer provides the console_getc()
function.

- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.

If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up

If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'

- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.

[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.

Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/

Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>

show more ...

Merge "Don't return error information from console_flush" into integration

Don't return error information from console_flush

And from crash_console_flush.

We ignore the error information return by console_flush in _every_
place where we call it, and casting the return typ

Don't return error information from console_flush

And from crash_console_flush.

We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.

Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>

show more ...

Merge changes from topic "console_t_cleanup" into integration

* changes:
coreboot: Use generic base address
skeletton: Use generic console_t data structure
cdns: Use generic console_t data str

Merge changes from topic "console_t_cleanup" into integration

* changes:
coreboot: Use generic base address
skeletton: Use generic console_t data structure
cdns: Use generic console_t data structure

show more ...

skeletton: Use generic console_t data structure

Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data

skeletton: Use generic console_t data structure

Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.

Change-Id: I347849424782333149e5912a25cc0ab9d277a201
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "console: update skeleton" into integration

console: update skeleton

Update the skeleton implementation of the console interface.

The 32 bit version was outdated and has been copied from the 64 bit
version.

Change-Id: Ib3e4eb09402ffccb1a30c

console: update skeleton

Update the skeleton implementation of the console interface.

The 32 bit version was outdated and has been copied from the 64 bit
version.

Change-Id: Ib3e4eb09402ffccb1a30c703a53829a7bf064dfe
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

show more ...

Merge changes from topic "av/console-port" into integration

* changes:
qemu: use new console interface in aarch32
warp7: remove old console from makefile
Remove MULTI_CONSOLE_API flag and refe

Merge changes from topic "av/console-port" into integration

* changes:
qemu: use new console interface in aarch32
warp7: remove old console from makefile
Remove MULTI_CONSOLE_API flag and references to it
Console: removed legacy console API

show more ...

Remove MULTI_CONSOLE_API flag and references to it

The new API becomes the default one.

Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.co

Remove MULTI_CONSOLE_API flag and references to it

The new API becomes the default one.

Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

show more ...

Merge pull request #1920 from ambroise-arm/av/deprecated

Remove deprecated interfaces

Console: remove deprecated finish_console_register

The old version of the macro is deprecated.

Commit cc5859ca19ff ("Multi-console: Deprecate the
`finish_console_register` macro") provides more det

Console: remove deprecated finish_console_register

The old version of the macro is deprecated.

Commit cc5859ca19ff ("Multi-console: Deprecate the
`finish_console_register` macro") provides more details.

Change-Id: I3d1cdf6496db7d8e6cfbb5804f508ff46ae7e67e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

show more ...

Merge pull request #1640 from soby-mathew/sm/fin_con_reg

Multi-console: Deprecate the `finish_console_register` macro

Multi-console: Deprecate the `finish_console_register` macro

The `finish_console_register` macro is used by the multi console
framework to register the `console_t` driver callbacks. It relied
on wea

Multi-console: Deprecate the `finish_console_register` macro

The `finish_console_register` macro is used by the multi console
framework to register the `console_t` driver callbacks. It relied
on weak references to the `ldr` instruction to populate 0 to the
callback in case the driver has not defined the appropriate
function. Use of `ldr` instruction to load absolute address to a
reference makes the binary position dependant. These instructions
should be replaced with adrp/adr instruction for position independant
executable(PIE). But adrp/adr instructions don't work well with weak
references as described in GNU ld bugzilla issue 22589.

This patch defines a new version of `finish_console_register` macro
which can spcify which driver callbacks are valid and deprecates the
old one. If any of the argument is not specified, then the macro
populates 0 for that callback. Hence the functionality of the previous
deprecated macro is preserved. The USE_FINISH_CONSOLE_REG_2 define
is used to select the new variant of the macro and will be removed
once the deprecated variant is removed.

All the upstream console drivers have been migrated to use the new
macro in this patch.

NOTE: Platforms be aware that the new variant of the
`finish_console_register` should be used and the old variant is
deprecated.

Change-Id: Ia6a67aaf2aa3ba93932992d683587bbd0ad25259
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge pull request #1193 from jwerner-chromium/JW_coreboot

New console API and coreboot support [v4]

Add new function-pointer-based console API

This patch overhauls the console API to allow for multiple console
instances of different drivers that are active at the same time. Instead
of binding to w

Add new function-pointer-based console API

This patch overhauls the console API to allow for multiple console
instances of different drivers that are active at the same time. Instead
of binding to well-known function names (like console_core_init),
consoles now provide a register function (e.g. console_16550_register())
that will hook them into the list of active consoles. All console
operations will be dispatched to all consoles currently in the list.

The new API will be selected by the build-time option MULTI_CONSOLE_API,
which defaults to ${ERROR_DEPRECATED} for now. The old console API code
will be retained to stay backwards-compatible to older platforms, but
should no longer be used for any newly added platforms and can hopefully
be removed at some point in the future.

The new console API is intended to be used for both normal (bootup) and
crash use cases, freeing platforms of the need to set up the crash
console separately. Consoles can be individually configured to be active
active at boot (until first handoff to EL2), at runtime (after first
handoff to EL2), and/or after a crash. Console drivers should set a sane
default upon registration that can be overridden with the
console_set_scope() call. Code to hook up the crash reporting mechanism
to this framework will be added with a later patch.

This patch only affects AArch64, but the new API could easily be ported
to AArch32 as well if desired.

Change-Id: I35c5aa2cb3f719cfddd15565eb13c7cde4162549
Signed-off-by: Julius Werner <jwerner@chromium.org>

show more ...

Merge pull request #925 from dp-arm/dp/spdx

Use SPDX license identifiers

Use SPDX license identifiers

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by

Use SPDX license identifiers

To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.

NOTE: Files that have been imported by FreeBSD have not been modified.

[0]: https://spdx.org/

Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

Merge branch 'integration' into tf_issue_461

Merge pull request #885 from antonio-nino-diaz-arm/an/console-flush

Implement console_flush()

Add console_flush() to console API

This function ensures that console output is flushed, for example
before shutting down or use by another component

In line with other console APIs, console_flush(

Add console_flush() to console API

This function ensures that console output is flushed, for example
before shutting down or use by another component

In line with other console APIs, console_flush() wraps
console_core_flush().

Also implement console_core_flush() for PL011.

Change-Id: I3db365065e4de04a454a5c2ce21be335a23a01e4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #678 from soby-mathew/sm/PSCI_AArch32

Introduce AArch32 support for PSCI library

Move console drivers to AArch64 folder

This patch moves the various assembly console drivers
into `aarch64` architecture specific folder. Stub files,
which include files from new location, are retai

Move console drivers to AArch64 folder

This patch moves the various assembly console drivers
into `aarch64` architecture specific folder. Stub files,
which include files from new location, are retained at the
original location for platform compatibility reasons.

Change-Id: I0069b6c1c0489ca47f5204d4e26e3bc3def533a8

show more ...