feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, am

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a

show more ...

Merge changes from topic "mb/gic600-errata" into integration

* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaro

Merge changes from topic "mb/gic600-errata" into integration

* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt

show more ...

refactor(arm): update BL2 base address

BL2 base address updated to provide enough space for BL31 in
Trusted SRAM when building with BL2_AT_EL3 and ENABLE_PIE options.

Signed-off-by: Manish V Badark

refactor(arm): update BL2 base address

BL2 base address updated to provide enough space for BL31 in
Trusted SRAM when building with BL2_AT_EL3 and ENABLE_PIE options.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ieaba00d841648add855feb99b7923a4b0cccfb08

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable checking of execution ctx count
feat(spmc): enable parsing of UUID from SP Manifest
feat(spmc): add parti

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable checking of execution ctx count
feat(spmc): enable parsing of UUID from SP Manifest
feat(spmc): add partition mailbox structs
feat(plat/arm): allow BL32 specific defines to be used by SPMC_AT_EL3
feat(plat/fvp): add EL3 SPMC #defines
test(plat/fvp/lsp): add example logical partition
feat(spmc/lsp): add logical partition framework

show more ...

feat(plat/arm): allow BL32 specific defines to be used by SPMC_AT_EL3

For EL3 SPMC configuration enabled platforms, allow the reuse of
BL32 specific definitions.

Signed-off-by: Marc Bonnici <marc.b

feat(plat/arm): allow BL32 specific defines to be used by SPMC_AT_EL3

For EL3 SPMC configuration enabled platforms, allow the reuse of
BL32 specific definitions.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I37ffbbf680326c101fbb2f146085a96c138f07a1

show more ...

Merge changes from topic "refactor-hw-config-load" into integration

* changes:
docs(fvp): update loading addresses of HW_CONFIG
docs(fconf): update device tree binding for FCONF
feat(fvp): upd

Merge changes from topic "refactor-hw-config-load" into integration

* changes:
docs(fvp): update loading addresses of HW_CONFIG
docs(fconf): update device tree binding for FCONF
feat(fvp): update HW_CONFIG DT loading mechanism
refactor(st): update set_config_info function call
refactor(fvp_r): update set_config_info function call
refactor(arm): update set_config_info function call
feat(fconf): add NS load address in configuration DTB nodes

show more ...

feat(fvp): update HW_CONFIG DT loading mechanism

Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue sinc

feat(fvp): update HW_CONFIG DT loading mechanism

Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).

It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].

Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory

[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html

Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "fix(arm): increase ARM_BL_REGIONS count" into integration

fix(arm): increase ARM_BL_REGIONS count

On RME-enabled platforms, it is currently not possible to incorporate
mapping of all bl_regions specified in bl31 setup[1] with the
ARM_BL_REGIONS macro defin

fix(arm): increase ARM_BL_REGIONS count

On RME-enabled platforms, it is currently not possible to incorporate
mapping of all bl_regions specified in bl31 setup[1] with the
ARM_BL_REGIONS macro defined to 6. Hence increased its count to 7.

[1]: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/
plat/arm/common/arm_bl31_setup.c#n380

Change-Id: Ieaa97f026ab2ae6eae22442595aa4122ba0a13c4
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME

show more ...

refactor(gpt): productize and refactor GPT library

This patch updates and refactors the GPT library and fixes bugs.

- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are

refactor(gpt): productize and refactor GPT library

This patch updates and refactors the GPT library and fixes bugs.

- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919

show more ...

feat(plat/fvp): add memory map for FVP platform for FEAT_RME

When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch intro

feat(plat/fvp): add memory map for FVP platform for FEAT_RME

When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.

The following new regions are introduced with this change:

ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.

ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.

ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.

The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:

--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------

During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254

show more ...

refactor(plat/arm): modify memory region attributes to account for FEAT_RME

If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attrib

refactor(plat/arm): modify memory region attributes to account for FEAT_RME

If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff

show more ...

Merge changes from topic "gm/reviewCI" into integration

* changes:
docs: armv8-R aarch64 fvp_r documentation
fvp_r: load, auth, and transfer from BL1 to BL33
chore: fvp_r: Initial No-EL3 and

Merge changes from topic "gm/reviewCI" into integration

* changes:
docs: armv8-R aarch64 fvp_r documentation
fvp_r: load, auth, and transfer from BL1 to BL33
chore: fvp_r: Initial No-EL3 and MPU Implementation
fvp_r: initial platform port for fvp_r

show more ...

fvp_r: load, auth, and transfer from BL1 to BL33

Adding load, authentication, and transfer functionality from FVP R BL1 to
BL33, which will be the partner runtime code.

Signed-off-by: Lauren Wehrme

fvp_r: load, auth, and transfer from BL1 to BL33

Adding load, authentication, and transfer functionality from FVP R BL1 to
BL33, which will be the partner runtime code.

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I293cad09739dacac0d20dd57c1d98178dbe84d40

show more ...

chore: fvp_r: Initial No-EL3 and MPU Implementation

For v8-R64, especially R82, creating code to run BL1 at EL2, using MPU.

Signed-off-by: Gary Morrison <gary.morrison@arm.com>
Change-Id: I439ac39

chore: fvp_r: Initial No-EL3 and MPU Implementation

For v8-R64, especially R82, creating code to run BL1 at EL2, using MPU.

Signed-off-by: Gary Morrison <gary.morrison@arm.com>
Change-Id: I439ac3915b982ad1e61d24365bdd1584b3070425

show more ...

fvp_r: initial platform port for fvp_r

Creating a platform port for FVP_R based on the FVP platform.
Differences including only-BL1, aarch64, Secure only, and EL2 being the
ELmax (No EL3).

Signed-o

fvp_r: initial platform port for fvp_r

Creating a platform port for FVP_R based on the FVP platform.
Differences including only-BL1, aarch64, Secure only, and EL2 being the
ELmax (No EL3).

Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1283e033fbd4e03c397d0a2c10c4139548b4eee4

show more ...

Merge "feat(plat/arm): enable PIE when RESET_TO_SP_MIN=1" into integration

feat(plat/arm): enable PIE when RESET_TO_SP_MIN=1

For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The un

feat(plat/arm): enable PIE when RESET_TO_SP_MIN=1

For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The underlying changes for enabling PIE in aarch32 is submitted in
commit 4324a14bf

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469

show more ...

Merge changes from topic "tc0_sel2_spmc" into integration

* changes:
plat: tc0: Configure TZC with secure world regions
plat: tc0: Enable SPMC execution at S-EL2
plat: tc0: Add TZC DRAM1 regio

Merge changes from topic "tc0_sel2_spmc" into integration

* changes:
plat: tc0: Configure TZC with secure world regions
plat: tc0: Enable SPMC execution at S-EL2
plat: tc0: Add TZC DRAM1 region for SPMC and trusted OS
plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled
plat: tc0: Disable SPE

show more ...

plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled

To support platforms without Trusted DRAM this patch defines
PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM

plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled

To support platforms without Trusted DRAM this patch defines
PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or
DRAM region behind TZC.

Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>

show more ...

Merge changes from topic "ehf_common" into integration

* changes:
plat: tegra: Use generic ehf defines
ehf: use common priority level enumuration

ehf: use common priority level enumuration

'EHF' is used by RAS, SDEI, SPM_MM common frameworks.
If platform needs to plug-in specific handlers then
'PLAT_EHF_DESC' can be used to populate platform

ehf: use common priority level enumuration

'EHF' is used by RAS, SDEI, SPM_MM common frameworks.
If platform needs to plug-in specific handlers then
'PLAT_EHF_DESC' can be used to populate platform specific
priority levels.

Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I37af7e0e48111f87b6982604bf5c15db3e05755d

show more ...

Merge changes from topic "tf-cleanup" into integration

* changes:
plat/arm: Move fconf population after the enablement of MMU
lib/fconf: Update 'set_fw_config_info' function
lib/fconf: Update

Merge changes from topic "tf-cleanup" into integration

* changes:
plat/arm: Move fconf population after the enablement of MMU
lib/fconf: Update 'set_fw_config_info' function
lib/fconf: Update data type of config max size
plat/arm: Check the need for firmware update only once
plat/arm: sgm: Use consistent name for tb fw config node

show more ...

plat/arm: Move fconf population after the enablement of MMU

In BL2, fw_config's population happened before the cache gets
enabled.
Hence to boost the performance, moved fw_config's population
after

plat/arm: Move fconf population after the enablement of MMU

In BL2, fw_config's population happened before the cache gets
enabled.
Hence to boost the performance, moved fw_config's population
after cache gets enabled (i.e. after MMU gets enabled).

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2e75cabd76b1cb7a660f6b72f409ab40d2877284

show more ...