Merge changes from topic "allwinner-idle" into integration

* changes:
feat(allwinner): provide CPU idle states to the rich OS
feat(allwinner): simplify CPU_SUSPEND power state encoding
feat(al

Merge changes from topic "allwinner-idle" into integration

* changes:
feat(allwinner): provide CPU idle states to the rich OS
feat(allwinner): simplify CPU_SUSPEND power state encoding
feat(allwinner): choose PSCI states to avoid translation
feat(fdt): add the ability to supply idle state information
fix(allwinner): improve DTB patching error handling
refactor(allwinner): patch the DTB after setting up PSCI
refactor(allwinner): move DTB change code into allwinner/common

show more ...

Merge changes from topic "refactor-hw-config-load" into integration

* changes:
docs(fvp): update loading addresses of HW_CONFIG
docs(fconf): update device tree binding for FCONF
feat(fvp): upd

Merge changes from topic "refactor-hw-config-load" into integration

* changes:
docs(fvp): update loading addresses of HW_CONFIG
docs(fconf): update device tree binding for FCONF
feat(fvp): update HW_CONFIG DT loading mechanism
refactor(st): update set_config_info function call
refactor(fvp_r): update set_config_info function call
refactor(arm): update set_config_info function call
feat(fconf): add NS load address in configuration DTB nodes

show more ...

Merge "feat(smmu): configure SMMU Root interface" into integration

fix(amu): limit virtual offset register access to NS world

Previously the SCR_EL3.AMVOFFEN bit was set for all contexts, this
behavior is incorrect as it allows secure world to access the virtual
of

fix(amu): limit virtual offset register access to NS world

Previously the SCR_EL3.AMVOFFEN bit was set for all contexts, this
behavior is incorrect as it allows secure world to access the virtual
offset registers when it should not be able to. This patch only sets
AMVOFFEN for non-secure world.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I2c61fe0a8a0092df089f1cb2c0d8a45c8c8ad0d3

show more ...

feat(smmu): configure SMMU Root interface

This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions

feat(smmu): configure SMMU Root interface

This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions originated from a non-secure or secure device upstream
to an SMMU. It re-uses the boot time GPT base address and configuration
programmed on the PE.
The root register file offset is platform dependent and has to be
supplied on a model command line.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f889be6b7afc2afb4d1d147c5c1c3ea68f32e07

show more ...

feat(fdt-wrappers): add function to find or add a sudnode

This change adds a new utility function - `fdtw_find_or_add_subnode`
to find a subnode. If the subnode is not present, the function adds
it

feat(fdt-wrappers): add function to find or add a sudnode

This change adds a new utility function - `fdtw_find_or_add_subnode`
to find a subnode. If the subnode is not present, the function adds
it in the flattened device tree.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Change-Id: Idf3ceddc57761ac015763d4a8b004877bcad766a

show more ...

feat(fvp): update HW_CONFIG DT loading mechanism

Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue sinc

feat(fvp): update HW_CONFIG DT loading mechanism

Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).

It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].

Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory

[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html

Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

show more ...

Merge "refactor(twed): improve TWED enablement in EL-3" into integration

feat(fdt): add the ability to supply idle state information

Some platforms require extra firmware to implement CPU_SUSPEND, or only
have working CPU_SUSPEND in certain configurations. On these platf

feat(fdt): add the ability to supply idle state information

Some platforms require extra firmware to implement CPU_SUSPEND, or only
have working CPU_SUSPEND in certain configurations. On these platforms,
CPU idle states should only be listed in the devicetree when they are
actually available. Add a function BL31 can use to dynamically supply
this idle state information.

Change-Id: I64fcc288303faba8abec4f59efd13a04220d54dc
Signed-off-by: Samuel Holland <samuel@sholland.org>

show more ...

feat(libfdt): add function to set MAC addresses

The devicetree specification[1] defines the generic DT properties
"mac-address" and "local-mac-address", that allow to set the MAC address
for a netwo

feat(libfdt): add function to set MAC addresses

The devicetree specification[1] defines the generic DT properties
"mac-address" and "local-mac-address", that allow to set the MAC address
for a network device. This is needed because many platform network
devices do not define a method for obtaining a unique MAC address, and
many devices lack the non-volatile storage to hold such a number.

Some platforms (for instance Allwinner) derive the MAC address from
another unique SoC property, for instance some serial number. To allow
those MAC address to be set by TF-A, add a function that finds the DT
node of a network device (by using the "ethernet<x>" alias), then adding
the "local-mac-address" property into that node, setting it to a user
provided address. Platforms can use this function to generate MAC
addresses in a platform specific way, and store them in the DT.

DT consumers like U-Boot or the Linux kernel will automatically pick up
the address from that property and program the MAC device accordingly.

[1] https://devicetree-specification.readthedocs.io/en/latest/chapter4-device-bindings.html#local-mac-address-property

Change-Id: I3f5766cc575fa9718f9ca23e8269b11495c43be2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

fix(ufs): disables controller if enabled

ufs controller needs to be disabled if already enabled, without
this we noticed a crash at linkstartup during reinit

Signed-off-by: anans <anans@google.com>

fix(ufs): disables controller if enabled

ufs controller needs to be disabled if already enabled, without
this we noticed a crash at linkstartup during reinit

Signed-off-by: anans <anans@google.com>
Change-Id: I523c5d57c1d34f6404a6368ee3f364fbffd2e542

show more ...

refactor(ufs): adds a function for fdeviceinit

time taken for device init varies based on different devices,
instead of waiting for 200ms - we can poll on fdevice init
until it gets cleared, similar

refactor(ufs): adds a function for fdeviceinit

time taken for device init varies based on different devices,
instead of waiting for 200ms - we can poll on fdevice init
until it gets cleared, similar to what linux does

Change-Id: I571649231732fde0cd6d5be89b6f14fe905fcaff
Signed-off-by: anans <anans@google.com>

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): add support for direct req/resp
feat(spmc): add support for handling FFA_ERROR ABI
feat(spmc): add support for F

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): add support for direct req/resp
feat(spmc): add support for handling FFA_ERROR ABI
feat(spmc): add support for FFA_MSG_WAIT
feat(spmc): add function to determine the return path from the SPMC
feat(spmd): enable handling of FF-A SMCs with the SPMC at EL3
feat(spmd): update SPMC init flow to use EL3 implementation
feat(spmc): add FF-A secure partition manager core
feat(spmc): prevent read only xlat tables with the EL3 SPMC
feat(spmc): enable building of the SPMC at EL3
refactor(spm_mm): reorganize secure partition manager code

show more ...

Merge "feat(spm): add FFA_RX_ACQUIRE forwarding in SPMD" into integration

feat(spmd): enable handling of FF-A SMCs with the SPMC at EL3

Any FF-A SMC that arrives from the normal world is handled by the
SPMD before being forwarded to the SPMC. Similarly any SMC
arriving fr

feat(spmd): enable handling of FF-A SMCs with the SPMC at EL3

Any FF-A SMC that arrives from the normal world is handled by the
SPMD before being forwarded to the SPMC. Similarly any SMC
arriving from the secure world will hit the SPMC first and be
forwarded to the SPMD if required, otherwise the SPMC will
respond directly.

This allows for the existing flow of handling FF-A ABI's when
the SPMC resides at a lower EL to be preserved.

In order to facilitate this flow the spmd_smc_forward function
has been split and control is either passed to the SPMC or it is
forwarded as before. To allow this the flags and cookie parameters
must now also be passed into this method as the SPMC must be able to
provide these when calling back into the SPMD handler as appropriate.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I84fee8390023295b9689067e14cd25cba23ca39b

show more ...

feat(spmd): update SPMC init flow to use EL3 implementation

Allow the SPMD to initialise an SPMC implementation at EL3 directly
rather than at a lower EL.
This includes removing the requirement to p

feat(spmd): update SPMC init flow to use EL3 implementation

Allow the SPMD to initialise an SPMC implementation at EL3 directly
rather than at a lower EL.
This includes removing the requirement to parse an SPMC manifest to
obtain information about the SPMC implementation, in this case since the
SPMD and SPMC reside in the same EL we can hardcode the required
information directly.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I66d1e1b3ec2d0abbfc28b011a32445ee890a331d

show more ...

feat(spmc): add FF-A secure partition manager core

This patch introduces the core support for enabling an SPMC in EL3
as per the FF-A spec.

The current implemented functionality is targeted to enab

feat(spmc): add FF-A secure partition manager core

This patch introduces the core support for enabling an SPMC in EL3
as per the FF-A spec.

The current implemented functionality is targeted to enable
initialization of the SPMC itself and initial support for
bringing up a single S-EL1 SP.

This includes initialization of the SPMC's internal state,
parsing of an SP's manifest, preparing the cpu contexts and
appropriate system registers for the Secure Partition.

The spmc_smc_handler is the main handler for all incoming SMCs
to the SPMC, FF-A ABI handlers and functionality will
be implemented in subsequent patches.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib33c240b91e54cbd018a69fec880d02adfbe12b9

show more ...

Merge "fix(errata): workaround for Cortex-X2 erratum 2147715" into integration

refactor(twed): improve TWED enablement in EL-3

The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved fo

refactor(twed): improve TWED enablement in EL-3

The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.

Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.

Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a

show more ...

refactor(context mgmt): add cm_prepare_el3_exit_ns function

As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' fun

refactor(context mgmt): add cm_prepare_el3_exit_ns function

As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.

When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653

show more ...

refactor(context mgmt): remove registers accessible only from secure state from EL2 context

The following registers are only accessible from secure state,
therefore don't need to be saved/restored d

refactor(context mgmt): remove registers accessible only from secure state from EL2 context

The following registers are only accessible from secure state,
therefore don't need to be saved/restored during world switch.
- SDER32_EL2
- VSTCR_EL2
- VSTTBR_EL2

This patch removes these registers from EL2 context.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I24d08aacb1b6def261c7b37d3e1265bb76adafdc

show more ...

fix(errata): workaround for Cortex-X2 erratum 2147715

Cortex-X2 erratum 2147715 is a Cat B erratum that applies to revision
r2p0 and is fixed in r2p1. The workaround is to set CPUACTLR_EL1[22]=1,
wh

fix(errata): workaround for Cortex-X2 erratum 2147715

Cortex-X2 erratum 2147715 is a Cat B erratum that applies to revision
r2p0 and is fixed in r2p1. The workaround is to set CPUACTLR_EL1[22]=1,
which will cause the CFP instruction to invalidate all branch predictor
resources regardless of context.

SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I2d81867486d9130f2c36cd4554ca9a8f37254b57

show more ...

Merge changes I573e6478,I52dc3bee,I7e543664 into integration

* changes:
feat(gic600ae_fmu): enable all GICD, PPI, ITS SMs
feat(gic600ae_fmu): disable SMID for unavailable blocks
feat(gic600ae_

Merge changes I573e6478,I52dc3bee,I7e543664 into integration

* changes:
feat(gic600ae_fmu): enable all GICD, PPI, ITS SMs
feat(gic600ae_fmu): disable SMID for unavailable blocks
feat(gic600ae_fmu): introduce support for RAS error handling

show more ...

feat(gic600ae_fmu): enable all GICD, PPI, ITS SMs

The following SMIDs are disabled by default.

* GICD: MBIST REQ error and GICD FMU ClkGate override
* PPI: MBIST REQ error and PPI FMU ClkGate overr

feat(gic600ae_fmu): enable all GICD, PPI, ITS SMs

The following SMIDs are disabled by default.

* GICD: MBIST REQ error and GICD FMU ClkGate override
* PPI: MBIST REQ error and PPI FMU ClkGate override
* ITS: MBIST REQ error and ITS FMU ClkGate override

This patch explicitly enables them during the FMU init sequence.

Change-Id: I573e64786e3318d4cbcd07d0a1caf25f8e6e9200
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Merge changes from topic "jc/detect_feat" into integration

* changes:
docs(build): update the feature enablement flags
refactor(el3-runtime): replace ARM_ARCH_AT_LEAST macro with FEAT flags
re

Merge changes from topic "jc/detect_feat" into integration

* changes:
docs(build): update the feature enablement flags
refactor(el3-runtime): replace ARM_ARCH_AT_LEAST macro with FEAT flags
refactor(el3-runtime): add arch-features detection mechanism

show more ...