optee: print header info before validate

Currently optee header info is only printed after it is validated,
but this does not help with debugging in case of error, so print it
before.

Signed-off-by

optee: print header info before validate

Currently optee header info is only printed after it is validated,
but this does not help with debugging in case of error, so print it
before.

Signed-off-by: Victor Chong <victor.chong@linaro.org>

show more ...

Merge pull request #1173 from etienne-lms/armv7-qemu

support to boot OP-TEE on AArch32/Armv7+example with Cortex-A15/Qemu

Merge pull request #1224 from masahir0y/gzip

Support GZIP-compressed images for faster loading and verification

aarch32: optee: define the OP-TEE secure payload

AArch32 only platforms can boot the OP-TEE secure firmware as
a BL32 secure payload. Such configuration can be defined through
AARCH32_SP=optee.

The

aarch32: optee: define the OP-TEE secure payload

AArch32 only platforms can boot the OP-TEE secure firmware as
a BL32 secure payload. Such configuration can be defined through
AARCH32_SP=optee.

The source files can rely on AARCH32_SP_OPTEE to condition
OP-TEE boot specific instruction sequences.

OP-TEE does not expect ARM Trusted Firmware formatted structure
as boot argument. Load sequence is expected to have already loaded
to OP-TEE boot arguments into the bl32 entrypoint info structure.

Last, AArch32 platform can only boot AArch32 OP-TEE images.

Change-Id: Ic28eec5004315fc9111051add6bb1a1d607fc815
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Merge pull request #1253 from dp-arm/dp/amu32

AMUv1 support for AArch32

zlib: add gunzip() support

This commit adds some more files to use zlib from TF.

To use zlib, ->zalloc and ->zfree hooks are needed. The implementation
depends on the system. For user-space, the

zlib: add gunzip() support

This commit adds some more files to use zlib from TF.

To use zlib, ->zalloc and ->zfree hooks are needed. The implementation
depends on the system. For user-space, the libc provides malloc() and
friends. Unfortunately, ARM Trusted Firmware does not provide malloc()
or any concept of dynamic memory allocation.

I implemented very simple calloc() and free() for this. Stupidly,
zfree() never frees memory, but it works enough for this.

The purpose of using zlib is to implement gunzip() - this function
takes compressed data from in_buf, then dumps the decompressed data
to oub_buf. The work_buf is used for memory allocation during the
decompress. Upon exit, it updates in_buf and out_buf. If successful,
in_buf points to the end of input data, out_buf to the end of the
decompressed data.

To use this feature, you need to do:

- include lib/zlib/zlib.mk from your platform.mk

- add $(ZLIB_SOURCES) to your BL*_SOURCES

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

zlib: import zlib files from zlib 1.2.11

Import the following files from zlib 1.2.11:

adler32.c
crc32.c
crc32.h
inffast.c
inffast.h
inffixed.h
inflate.c
inflate.h
inftree

zlib: import zlib files from zlib 1.2.11

Import the following files from zlib 1.2.11:

adler32.c
crc32.c
crc32.h
inffast.c
inffast.h
inffixed.h
inflate.c
inflate.h
inftrees.c
inftrees.h
zconf.h
zlib.h
zutil.c
zutil.h

The original tarball is available from http://zlib.net/

The zlib is free software, distributed under the zlib license. The
license text is included in the "zlib.h" file. It should be compatible
with BSD-3-Clause.

The zlib license is included in the SPDX license list available at
https://spdx.org/licenses/, but I did not add the SPDX license tag to
the imported files above, to keep them as they are in the upstream
project. This seems the general policy for ARM Trusted Firmware, as
SPDX License Identifier was not added to files imported from FreeBSD.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

misc_helpers: fix zero_normalmem() for BL2_AT_EL3

The assertion in zero_normalmem() fails for BL2_AT_EL3. This mode is
executed in EL3, so it should check sctlr_el3 instead of sctlr_el1.

Signed-of

misc_helpers: fix zero_normalmem() for BL2_AT_EL3

The assertion in zero_normalmem() fails for BL2_AT_EL3. This mode is
executed in EL3, so it should check sctlr_el3 instead of sctlr_el1.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

AMU: Implement context save/restore for aarch32

Add amu_context_save() and amu_context_restore() functions for aarch32

Change-Id: I4df83d447adeaa9d9f203e16dc5a919ffc04d87a
Signed-off-by: Joel Hutto

AMU: Implement context save/restore for aarch32

Add amu_context_save() and amu_context_restore() functions for aarch32

Change-Id: I4df83d447adeaa9d9f203e16dc5a919ffc04d87a
Signed-off-by: Joel Hutton <joel.hutton@arm.com>

show more ...

AMU: Add assembler helper functions for aarch32

Change-Id: Id6dfe885a63561b1d2649521bd020367b96ae1af
Signed-off-by: Joel Hutton <joel.hutton@arm.com>

Optimize SMCCC_ARCH_WORKAROUND_1 on Cortex A57/A72/A73 and A75

This patch implements a fast path for this SMC call on affected PEs by
detecting and returning immediately after executing the workarou

Optimize SMCCC_ARCH_WORKAROUND_1 on Cortex A57/A72/A73 and A75

This patch implements a fast path for this SMC call on affected PEs by
detecting and returning immediately after executing the workaround.

NOTE: The MMU disable/enable workaround now assumes that the MMU was
enabled on entry to EL3. This is a valid assumption as the code turns
on the MMU after reset and leaves it on until the core powers off.

Change-Id: I13c336d06a52297620a9760fb2461b4d606a30b3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Optimize/cleanup BPIALL workaround

In the initial implementation of this workaround we used a dedicated
workaround context to save/restore state. This patch reduces the
footprint as no additional c

Optimize/cleanup BPIALL workaround

In the initial implementation of this workaround we used a dedicated
workaround context to save/restore state. This patch reduces the
footprint as no additional context is needed.

Additionally, this patch reduces the memory loads and stores by 20%,
reduces the instruction count and exploits static branch prediction to
optimize the SMC path.

Change-Id: Ia9f6bf06fbf8a9037cfe7f1f1fb32e8aec38ec7d
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Add support for SMCCC_VERSION in PSCI features

On some platforms it may be necessary to discover the SMCCC version
via a PSCI features call.

Change-Id: I95281ac2263ca9aefda1809eb03464fbdb8ac24d
Sig

Add support for SMCCC_VERSION in PSCI features

On some platforms it may be necessary to discover the SMCCC version
via a PSCI features call.

Change-Id: I95281ac2263ca9aefda1809eb03464fbdb8ac24d
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Merge pull request #1228 from dp-arm/dp/cve_2017_5715

Workarounds for CVE-2017-5715 on A9/A15 and A17 + serial console reporting

Merge pull request #1193 from jwerner-chromium/JW_coreboot

New console API and coreboot support [v4]

Merge pull request #1229 from manojkumar-arm/manojkumar-arm/ca72-aarch32-reset-fix

lib/cpus: fix branching in reset function for cortex-a72 AARCH32 mode

coreboot: Add support for CBMEM console

coreboot supports an in-memory console to store firmware logs even when
no serial console is available. It is widely supported by
coreboot-compatible bootload

coreboot: Add support for CBMEM console

coreboot supports an in-memory console to store firmware logs even when
no serial console is available. It is widely supported by
coreboot-compatible bootloaders (including SeaBIOS and GRUB) and can be
read by the Linux kernel.

This patch allows BL31 to add its own log messages to this console. The
driver will be registered automatically if coreboot support is compiled
in and detects the presence of a console buffer in the coreboot tables.

Change-Id: I31254dfa0c2fdeb7454634134b5707b4b4154907
Signed-off-by: Julius Werner <jwerner@chromium.org>

show more ...

Add platform-independent coreboot support library

This patch adds the foundation for a platform-independent coreboot
support library that can be shared by all platforms that boot BL31 from
coreboot

Add platform-independent coreboot support library

This patch adds the foundation for a platform-independent coreboot
support library that can be shared by all platforms that boot BL31 from
coreboot (acting as BL2). It adds code to parse the "coreboot table", a
data structure that coreboot uses to communicate different kinds of
information to later-stage firmware and certain OS drivers.

As a first small use case for this information, allow platforms to
access the serial console configuration used by coreboot, removing the
need to hardcode base address and divisors and allowing Trusted Firmware
to benefit from coreboot's user configuration (e.g. which UART to pick
and which baud rate to use).

Change-Id: I2bfb39cd2609ce6640b844ab68df6c9ae3f28e9e
Signed-off-by: Julius Werner <jwerner@chromium.org>

show more ...

Merge pull request #1200 from robertovargas-arm/bl2-el3

Add BL2_AT_EL3 build option

lib/cpus: fix branching in reset function for cortex-a72 AARCH32 mode

In AARCH32 mode, cortex_a72_reset_func branches to address in lr
register instead of r5 register. This leads to linux boot failu

lib/cpus: fix branching in reset function for cortex-a72 AARCH32 mode

In AARCH32 mode, cortex_a72_reset_func branches to address in lr
register instead of r5 register. This leads to linux boot failure
of Cortex-A72 cores in AARCH32 mode on Juno-R2 board.

This patch fixes the branching of cortex_a72_reset_func to r5
register as in cortex_a57_reset_func implementation.

Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>

show more ...

Workaround for CVE-2017-5715 for Cortex A9, A15 and A17

A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 a

Workaround for CVE-2017-5715 for Cortex A9, A15 and A17

A per-cpu vbar is installed that implements the workaround by
invalidating the branch target buffer (BTB) directly in the case of A9
and A17 and indirectly by invalidating the icache in the case of A15.

For Cortex A57 and A72 there is currently no workaround implemented
when EL3 is in AArch32 mode so report it as missing.

For other vulnerable CPUs (e.g. Cortex A73 and Cortex A75), there are
no changes since there is currently no upstream AArch32 EL3 support
for these CPUs.

Change-Id: Ib42c6ef0b3c9ff2878a9e53839de497ff736258f
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Print erratum application report for CVE-2017-5715

Even though the workaround for CVE-2017-5715 is not a CPU erratum, the
code is piggybacking on the errata framework to print whether the
workaround

Print erratum application report for CVE-2017-5715

Even though the workaround for CVE-2017-5715 is not a CPU erratum, the
code is piggybacking on the errata framework to print whether the
workaround was applied, missing or not needed.

Change-Id: I821197a4b8560c73fd894cd7cd9ecf9503c72fa3
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

Change the default errata format string

As we are using the errata framework to handle workarounds in a more
general sense, change the default string to reflect that.

Change-Id: I2e266af2392c9d95e1

Change the default errata format string

As we are using the errata framework to handle workarounds in a more
general sense, change the default string to reflect that.

Change-Id: I2e266af2392c9d95e18fe4e965f9a1d46fd0e95e
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

bl2-el3: Add BL2_EL3 image

This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly

bl2-el3: Add BL2_EL3 image

This patch enables BL2 to execute at the highest exception level
without any dependancy on TF BL1. This enables platforms which already
have a non-TF Boot ROM to directly load and execute BL2 and subsequent BL
stages without need for BL1. This is not currently possible because
BL2 executes at S-EL1 and cannot jump straight to EL3.

Change-Id: Ief1efca4598560b1b8c8e61fbe26d1f44e929d69
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...

Merge pull request #1218 from antonio-nino-diaz-arm/an/xlat-fix

xlat v2: Correctly unmap regions on map error