Move up to mbed TLS 2.x

The mbed TLS library has introduced some changes in the API from
the 1.3.x to the 2.x releases. Using the 2.x releases requires
some changes to the crypto and transport modul

Move up to mbed TLS 2.x

The mbed TLS library has introduced some changes in the API from
the 1.3.x to the 2.x releases. Using the 2.x releases requires
some changes to the crypto and transport modules.

This patch updates both modules to the mbed TLS 2.x API.

All references to the mbed TLS library in the code or documentation
have been updated to 'mbed TLS'. Old references to PolarSSL have
been updated to 'mbed TLS'.

User guide updated to use mbed TLS 2.2.0.

NOTE: moving up to mbed TLS 2.x from 1.3.x is not backward compatible.
Applying this patch will require an mbed TLS 2.x release to be used.
Also note that the mbed TLS license changed to Apache version 2.0.

Change-Id: Iba4584408653cf153091f2ca2ee23bc9add7fda4

show more ...

Merge pull request #463 from jcastillo-arm/jc/tf-issues/216

De-feature PL011 UART driver to match generic UART spec

De-feature PL011 UART driver to match generic UART spec

The Server Base System Architecture document (ARM-DEN-0029)
specifies a generic UART device. The programmer's view of this
generic UART is a s

De-feature PL011 UART driver to match generic UART spec

The Server Base System Architecture document (ARM-DEN-0029)
specifies a generic UART device. The programmer's view of this
generic UART is a subset of the ARM PL011 UART. However, the
current PL011 driver in Trusted Firmware uses some features
that are outside the generic UART specification.

This patch modifies the PL011 driver to exclude features outside
the SBSA generic UART specification by setting the boolean build
option 'PL011_GENERIC_UART=1'. Default value is 0 (use full
PL011 features).

User guide updated.

Fixes ARM-software/tf-issues#216

Change-Id: I6e0eb86f9d69569bc3980fb57e70d6da5d91a737

show more ...

Merge pull request #462 from soby-mathew/sm/runtime_console

Enable BL31 to configure a runtime console

FWU: Add FWU support to `fip_create` tool

Firmware Update (FWU) introduces a new set of images called
SCP_BL2U, BL2U and NS_BL2U, which can be packed in a FWU FIP file.

This patch introduces new UU

FWU: Add FWU support to `fip_create` tool

Firmware Update (FWU) introduces a new set of images called
SCP_BL2U, BL2U and NS_BL2U, which can be packed in a FWU FIP file.

This patch introduces new UUIDs for the Firmware Update images
and extends the 'fip'create' tool so that these new images can be
packed in a FIP file.

Change-Id: I7c60211b4f3cc265411efb131e6d3c624768f522

show more ...

FWU: Add Firmware Update support in BL2U for ARM platforms

This patch adds support for Firmware update in BL2U for ARM
platforms such that TZC initialization is performed on all
ARM platforms and (o

FWU: Add Firmware Update support in BL2U for ARM platforms

This patch adds support for Firmware update in BL2U for ARM
platforms such that TZC initialization is performed on all
ARM platforms and (optionally) transfer of SCP_BL2U image on
ARM CSS platforms.

BL2U specific functions are added to handle early_platform and
plat_arch setup. The MMU is configured to map in the BL2U
code/data area and other required memory.

Change-Id: I57863295a608cc06e6cbf078b7ce34cbd9733e4f

show more ...

FWU: Add Generic BL2U FWU image support in BL2

The Firmware Update (FWU) feature needs support for an optional
secure world image, BL2U, to allow additional secure world
initialization required by F

FWU: Add Generic BL2U FWU image support in BL2

The Firmware Update (FWU) feature needs support for an optional
secure world image, BL2U, to allow additional secure world
initialization required by FWU, for example DDR initialization.

This patch adds generic framework support to create BL2U.

NOTE: A platform makefile must supply additional `BL2U_SOURCES`
to build the bl2u target. A subsequent patch adds bl2u
support for ARM platforms.

Change-Id: If2ce036199bb40b39b7f91a9332106bcd4e25413

show more ...

FWU: Add Firmware Update support in BL1 for ARM platforms

This patch adds Firmware Update support for ARM platforms.

New files arm_bl1_fwu.c and juno_bl1_setup.c were added to provide
platform spec

FWU: Add Firmware Update support in BL1 for ARM platforms

This patch adds Firmware Update support for ARM platforms.

New files arm_bl1_fwu.c and juno_bl1_setup.c were added to provide
platform specific Firmware update code.

BL1 now includes mmap entry for `ARM_MAP_NS_DRAM1` to map DRAM for
authenticating NS_BL2U image(For both FVP and JUNO platform).

Change-Id: Ie116cd83f5dc00aa53d904c2f1beb23d58926555

show more ...

FWU: Add Generic Firmware Update framework support in BL1

Firmware update(a.k.a FWU) feature is part of the TBB architecture.
BL1 is responsible for carrying out the FWU process if platform
specific

FWU: Add Generic Firmware Update framework support in BL1

Firmware update(a.k.a FWU) feature is part of the TBB architecture.
BL1 is responsible for carrying out the FWU process if platform
specific code detects that it is needed.

This patch adds support for FWU feature support in BL1 which is
included by enabling `TRUSTED_BOARD_BOOT` compile time flag.

This patch adds bl1_fwu.c which contains all the core operations
of FWU, which are; SMC handler, image copy, authentication, execution
and resumption. It also adds bl1.h introducing #defines for all
BL1 SMCs.

Following platform porting functions are introduced:

int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
unsigned int flags);
This function can be used to add platform specific memory checks
for the provided base/size for the given security state.
The weak definition will invoke `assert()` and return -ENOMEM.

__dead2 void bl1_plat_fwu_done(void *cookie, void *reserved);
This function can be used to initiate platform specific procedure
to mark completion of the FWU process.
The weak definition waits forever calling `wfi()`.

plat_bl1_common.c contains weak definitions for above functions.

FWU process starts when platform detects it and return the image_id
other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in
`bl1_main()`.

NOTE: User MUST provide platform specific real definition for
bl1_plat_mem_check() in order to use it for Firmware update.

Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed

show more ...

Add descriptor based image management support in BL1

As of now BL1 loads and execute BL2 based on hard coded information
provided in BL1. But due to addition of support for upcoming Firmware
Update

Add descriptor based image management support in BL1

As of now BL1 loads and execute BL2 based on hard coded information
provided in BL1. But due to addition of support for upcoming Firmware
Update feature, BL1 now require more flexible approach to load and
run different images using information provided by the platform.

This patch adds new mechanism to load and execute images based on
platform provided image id's. BL1 now queries the platform to fetch
the image id of the next image to be loaded and executed. In order
to achieve this, a new struct image_desc_t was added which holds the
information about images, such as: ep_info and image_info.

This patch introduces following platform porting functions:

unsigned int bl1_plat_get_next_image_id(void);
This is used to identify the next image to be loaded
and executed by BL1.

struct image_desc *bl1_plat_get_image_desc(unsigned int image_id);
This is used to retrieve the image_desc for given image_id.

void bl1_plat_set_ep_info(unsigned int image_id,
struct entry_point_info *ep_info);
This function allows platforms to update ep_info for given
image_id.

The plat_bl1_common.c file provides default weak implementations of
all above functions, the `bl1_plat_get_image_desc()` always return
BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return
BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns.
These functions gets compiled into all BL1 platforms by default.

Platform setup in BL1, using `bl1_platform_setup()`, is now done
_after_ the initialization of authentication module. This change
provides the opportunity to use authentication while doing the
platform setup in BL1.

In order to store secure/non-secure context, BL31 uses percpu_data[]
to store context pointer for each core. In case of BL1 only the
primary CPU will be active hence percpu_data[] is not required to
store the context pointer.

This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to
store the context and context pointers respectively. It also also
re-defines cm_get_context() and cm_set_context() for BL1 in
bl1/bl1_context_mgmt.c.

BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime
environment, to support resuming execution from a previously saved
context.

NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS
NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE
THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()`
INSTEAD TO MAINTAIN EXISTING BEHAVIOUR.

Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881

show more ...

Move context management code to common location

The upcoming Firmware Update feature needs transitioning across
Secure/Normal worlds to complete the FWU process and hence requires
context management

Move context management code to common location

The upcoming Firmware Update feature needs transitioning across
Secure/Normal worlds to complete the FWU process and hence requires
context management code to perform this task.

Currently context management code is part of BL31 stage only.
This patch moves the code from (include)/bl31 to (include)/common.
Some function declarations/definitions and macros have also moved
to different files to help code sharing.

Change-Id: I3858b08aecdb76d390765ab2b099f457873f7b0c

show more ...

Remove `RUN_IMAGE` usage as opcode passed to next EL.

The primary usage of `RUN_IMAGE` SMC function id, used by BL2 is to
make a request to BL1 to execute BL31. But BL2 also uses it as
opcode to che

Remove `RUN_IMAGE` usage as opcode passed to next EL.

The primary usage of `RUN_IMAGE` SMC function id, used by BL2 is to
make a request to BL1 to execute BL31. But BL2 also uses it as
opcode to check if it is allowed to execute which is not the
intended usage of `RUN_IMAGE` SMC.

This patch removes the usage of `RUN_IMAGE` as opcode passed to
next EL to check if it is allowed to execute.

Change-Id: I6aebe0415ade3f43401a4c8a323457f032673657

show more ...

Specify BL31 runtime console for ARM Standard platforms

This patch overrides the default weak definition of
`bl31_plat_runtime_setup()` for ARM Standard platforms to
specify a BL31 runtime console.

Specify BL31 runtime console for ARM Standard platforms

This patch overrides the default weak definition of
`bl31_plat_runtime_setup()` for ARM Standard platforms to
specify a BL31 runtime console. ARM Standard platforms are
now expected to define `PLAT_ARM_BL31_RUN_UART_BASE` and
`PLAT_ARM_BL31_RUN_UART_CLK_IN_HZ` macros which is required
by `arm_bl31_plat_runtime_setup()` to initialize the runtime
console.

The system suspend resume helper `arm_system_pwr_domain_resume()`
is fixed to initialize the runtime console rather than the boot
console on resumption from system suspend.

Fixes ARM-software/tf-issues#220

Change-Id: I80eafe5b6adcfc7f1fdf8b99659aca1c64d96975

show more ...

Ensure BL31 does not print to boot console by default

It is not ideal for BL31 to continue to use boot console at
runtime which could be potentially uninitialized. This patch
introduces a new option

Ensure BL31 does not print to boot console by default

It is not ideal for BL31 to continue to use boot console at
runtime which could be potentially uninitialized. This patch
introduces a new optional platform porting API
`bl31_plat_runtime_setup()` which allows the platform to perform
any BL31 runtime setup just prior to BL31 exit during cold boot.
The default weak implementation of this function will invoke
`console_uninit()` which will suppress any BL31 runtime logs.

On the ARM Standard platforms, there is an anomaly that
the boot console will be reinitialized on resumption from
system suspend in `arm_system_pwr_domain_resume()`. This
will be resolved in the following patch.

NOTE: The default weak definition of `bl31_plat_runtime_setup()`
disables the BL31 console. To print the BL31 runtime
messages, platforms must override this API and initialize a
runtime console.

Fixes ARM-software/tf-issues#328

Change-Id: Ibaf8346fcceb447fe1a5674094c9f8eb4c09ac4a

show more ...

Introduce console_uninit() API in ARM Trusted Firmware

Allowing console base address to be set to NULL conveniently
allows console driver to ignore further invocations to console_putc()
and console_

Introduce console_uninit() API in ARM Trusted Firmware

Allowing console base address to be set to NULL conveniently
allows console driver to ignore further invocations to console_putc()
and console_getc(). This patch adds `console_uninit()` API to the
console driver which sets console base address as NULL. The BL images can
invoke this API to finish the use of console and ignore any further
invocations to print to the console.

Change-Id: I00a1762b3e0b7c55f2be2f9c4c9bee3967189dde

show more ...

Merge pull request #460 from sandrine-bailleux/sb/init-vttbrel2-vmid

Initialize VTTBR_EL2 when bypassing EL2

Initialize VTTBR_EL2 when bypassing EL2

In the situation that EL1 is selected as the exception level for the
next image upon BL31 exit for a processor that supports EL2, the
context management code

Initialize VTTBR_EL2 when bypassing EL2

In the situation that EL1 is selected as the exception level for the
next image upon BL31 exit for a processor that supports EL2, the
context management code must configure all essential EL2 register
state to ensure correct execution of EL1.

VTTBR_EL2 should be part of this set of EL2 registers because:
- The ARMv8-A architecture does not define a reset value for this
register.
- Cache maintenance operations depend on VTTBR_EL2.VMID even when
non-secure EL1&0 stage 2 address translation are disabled.

This patch initializes the VTTBR_EL2 register to 0 when bypassing EL2
to address this issue. Note that this bug has not yet manifested
itself on FVP or Juno because VTTBR_EL2.VMID resets to 0 on the
Cortex-A53 and Cortex-A57.

Change-Id: I58ce2d16a71687126f437577a506d93cb5eecf33

show more ...

Merge pull request #456 from soby-mathew/sm/gicv3-tsp-plat-changes-v2

Modify TSP and ARM standard platforms for new GIC drivers v2

Merge pull request #455 from jcastillo-arm/jc/fvp_delay_timer

Fix SP804 delay timer on FVP

Enable support for EL3 interrupt in IMF

This patch enables support for EL3 interrupts in the Interrupt Management
Framework (IMF) of ARM Trusted Firmware. Please note that although the
registration

Enable support for EL3 interrupt in IMF

This patch enables support for EL3 interrupts in the Interrupt Management
Framework (IMF) of ARM Trusted Firmware. Please note that although the
registration of the EL3 interrupt type is now supported, it has not been
tested on any of the ARM Standard platforms.

Change-Id: If4dcdc7584621522a2f3ea13ea9b1ad0a76bb8a1

show more ...

Rework use of ARM GIC drivers on ARM platforms

Suport for ARM GIC v2.0 and v3.0 drivers has been reworked to create three
separate drivers instead of providing a single driver that can work on both

Rework use of ARM GIC drivers on ARM platforms

Suport for ARM GIC v2.0 and v3.0 drivers has been reworked to create three
separate drivers instead of providing a single driver that can work on both
versions of the GIC architecture. These drivers correspond to the following
software use cases:

1. A GICv2 only driver that can run only on ARM GIC v2.0 implementations
e.g. GIC-400

2. A GICv3 only driver that can run only on ARM GIC v3.0 implementations
e.g. GIC-500 in a mode where all interrupt regimes use GICv3 features

3. A deprecated GICv3 driver that operates in legacy mode. This driver can
operate only in the GICv2 mode in the secure world. On a GICv3 system, this
driver allows normal world to run in either GICv3 mode (asymmetric mode)
or in the GICv2 mode. Both modes of operation are deprecated on GICv3
systems.

ARM platforms implement both versions of the GIC architecture. This patch adds a
layer of abstraction to help ARM platform ports chose the right GIC driver and
corresponding platform support. This is as described below:

1. A set of ARM common functions have been introduced to initialise the GIC and
the driver during cold and warm boot. These functions are prefixed as
"plat_arm_gic_". Weak definitions of these functions have been provided for
each type of driver.

2. Each platform includes the sources that implement the right functions
directly into the its makefile. The FVP can be instantiated with different
versions of the GIC architecture. It uses the FVP_USE_GIC_DRIVER build option
to specify which of the three drivers should be included in the build.

3. A list of secure interrupts has to be provided to initialise each of the
three GIC drivers. For GIC v3.0 the interrupt ids have to be further
categorised as Group 0 and Group 1 Secure interrupts. For GIC v2.0, the two
types are merged and treated as Group 0 interrupts.

The two lists of interrupts are exported from the platform_def.h. The lists
are constructed by adding a list of board specific interrupt ids to a list of
ids common to all ARM platforms and Compute sub-systems.

This patch also makes some fields of `arm_config` data structure in FVP redundant
and these unused fields are removed.

Change-Id: Ibc8c087be7a8a6b041b78c2c3bd0c648cd2035d8

show more ...

Prepare platforms to use refactored ARM GIC drivers

This patch adds platform helpers for the new GICv2 and GICv3 drivers in
plat_gicv2.c and plat_gicv3.c. The platforms can include the appropriate
f

Prepare platforms to use refactored ARM GIC drivers

This patch adds platform helpers for the new GICv2 and GICv3 drivers in
plat_gicv2.c and plat_gicv3.c. The platforms can include the appropriate
file in their build according to the GIC driver to be used. The existing
plat_gic.c is only meant for the legacy GIC driver.

In the case of ARM platforms, the major changes are as follows:

1. The crash reporting helper macro `arm_print_gic_regs` that prints the GIC CPU
interface register values has been modified to detect the type of CPU
interface being used (System register or memory mappped interface) before
using the right interface to print the registers.

2. The power management helper function that is called after a core is powered
up has been further refactored. This is to highlight that the per-cpu
distributor interface should be initialised only when the core was originally
powered down using the CPU_OFF PSCI API and not when the CPU_SUSPEND PSCI API
was used.

3. In the case of CSS platforms, the system power domain restore helper
`arm_system_pwr_domain_resume()` is now only invoked in the `suspend_finish`
handler as the system power domain is always expected to be initialized when
the `on_finish` handler is invoked.

Change-Id: I7fc27d61fc6c2a60cea2436b676c5737d0257df6

show more ...

Merge pull request #454 from yatharth-arm/vk/deprecate-cci-400

Add CCI-400 specific driver to deprecated driver list

Add CCI-400 specific driver to deprecated driver list

Add compile time `__warn_deprecated` flag to public api's in CCI-400
specific driver so that user is aware of the driver being deprecated.
Simil

Add CCI-400 specific driver to deprecated driver list

Add compile time `__warn_deprecated` flag to public api's in CCI-400
specific driver so that user is aware of the driver being deprecated.
Similarly, it also adds an error message when `ERROR_DEPRECATED` is set
to prevent succesful compilation if CCI-400 specific driver is used.

Change-Id: Id7e61a560262abc01cbbd432ca85b9bf448a194d

show more ...

Enable use of FIQs and IRQs as TSP interrupts

On a GICv2 system, interrupts that should be handled in the secure world are
typically signalled as FIQs. On a GICv3 system, these interrupts are signal

Enable use of FIQs and IRQs as TSP interrupts

On a GICv2 system, interrupts that should be handled in the secure world are
typically signalled as FIQs. On a GICv3 system, these interrupts are signalled
as IRQs instead. The mechanism for handling both types of interrupts is the same
in both cases. This patch enables the TSP to run on a GICv3 system by:

1. adding support for handling IRQs in the exception handling code.
2. removing use of "fiq" in the names of data structures, macros and functions.

The build option TSPD_ROUTE_IRQ_TO_EL3 is deprecated and is replaced with a
new build flag TSP_NS_INTR_ASYNC_PREEMPT. For compatibility reasons, if the
former build flag is defined, it will be used to define the value for the
new build flag. The documentation is also updated accordingly.

Change-Id: I1807d371f41c3656322dd259340a57649833065e

show more ...