plat/arm/juno: Add support to use hw_config in BL31

To make it possible to use the hw_config device tree for dynamic
configuration in BL31 on the Arm Juno platform. A placeholder hw_config
has been

plat/arm/juno: Add support to use hw_config in BL31

To make it possible to use the hw_config device tree for dynamic
configuration in BL31 on the Arm Juno platform. A placeholder hw_config
has been added that is included in the FIP and a Juno specific BL31
setup has been added to populate fconf with the hw_config.

Juno's BL2 setup has been updated to align it with the new behavior
implemented in the Arm FVP platform, where fw_config is passed in arg1
to BL31 instead of soc_fw_config. The BL31 setup is expected to use the
fw_config passed in arg1 to find the hw_config.

Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: Ib3570faa6714f92ab8451e8f1e59779dcf19c0b6

show more ...

Merge changes from topic "trng-svc" into integration

* changes:
plat/arm: juno: Use TRNG entropy source for SMCCC TRNG interface
plat/arm: juno: Condition Juno entropy source with CRC instructio

Merge changes from topic "trng-svc" into integration

* changes:
plat/arm: juno: Use TRNG entropy source for SMCCC TRNG interface
plat/arm: juno: Condition Juno entropy source with CRC instructions

show more ...

plat/arm: juno: Use TRNG entropy source for SMCCC TRNG interface

Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remainin

plat/arm: juno: Use TRNG entropy source for SMCCC TRNG interface

Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remaining bits
to implement this interface for the Juno Trusted Entropy Source.

We retire the existing Juno specific RNG interface, and use the generic
one for the stack canary generation.

Change-Id: Ib6a6e5568cb8e0059d71740e2d18d6817b07127d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

plat/arm: juno: Condition Juno entropy source with CRC instructions

The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.

To improve th

plat/arm: juno: Condition Juno entropy source with CRC instructions

The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.

To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.

This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.

Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge "plat/arm:juno: fix parallel build issue for romlib config" into integration

plat/arm:juno: fix parallel build issue for romlib config

When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/bu

plat/arm:juno: fix parallel build issue for romlib config

When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/build/juno/debug/romlib/romlib.bin', needed by 'bl1_romlib.bin'.
This patch fixes that issue.

Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I0cca416f3f50f400759164e0735c2d6b520ebf84

show more ...

Merge "plat/arm: Add dependencies to configuration files" into integration

plat/arm: Add dependencies to configuration files

This patch adds dependencies to the generated configuration
files that are included in the FIP. This fixes occasional
build errors that occur when t

plat/arm: Add dependencies to configuration files

This patch adds dependencies to the generated configuration
files that are included in the FIP. This fixes occasional
build errors that occur when the FIP happens to be built first.

Change-Id: I5a2bf724ba3aee13954403b141f2f19b4fd51d1b
Signed-off-by: Anders Dellien <anders.dellien@arm.com>

show more ...

Merge "TF-A GICv2 driver: Introduce makefile" into integration

TF-A GICv2 driver: Introduce makefile

This patch moves all GICv2 driver files into new added
'gicv2.mk' makefile for the benefit of the generic driver
which can evolve in the future without affectin

TF-A GICv2 driver: Introduce makefile

This patch moves all GICv2 driver files into new added
'gicv2.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.

NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file
is now deprecated and platforms with GICv2 driver need to
be modified to include 'drivers/arm/gic/v2/gicv2.mk' in
their makefiles.

Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

show more ...

Merge changes from topic "fw_config_handoff" into integration

* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/a

Merge changes from topic "fw_config_handoff" into integration

* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree

show more ...

plat/arm: Rentroduce tb_fw_config device tree

Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.

fw_config device tree's main usage is to hold properties shared

plat/arm: Rentroduce tb_fw_config device tree

Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.

fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).

Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a

show more ...

Merge changes from topic "macro-cleanup" into integration

* changes:
plat: remove redundant =1 from -D option
Pass more -D options to BL*_CPPFLAGS instead of BL*_CFLAGS

plat: remove redundant =1 from -D option

As GCC manual says, -D option defines a macro as 1, if =<value> is omitted.

-D <name>
Predefine <name> as a macro, with definition 1.

The same appl

plat: remove redundant =1 from -D option

As GCC manual says, -D option defines a macro as 1, if =<value> is omitted.

-D <name>
Predefine <name> as a macro, with definition 1.

The same applied with Clang, too.

In the context of -D option, =1 is always redundant.

Change-Id: I487489a1ea3eb51e734741619c1e65dab1420bc4
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge "plat: pass -D option to BL*_CPPFLAGS instead of BL*_CFLAGS" into integration

plat: pass -D option to BL*_CPPFLAGS instead of BL*_CFLAGS

-D is a preprocessor flag that defines a macro. So, adding it to
BL*_CPPFLAGS makes more sense. You can reference it not only from
.c files

plat: pass -D option to BL*_CPPFLAGS instead of BL*_CFLAGS

-D is a preprocessor flag that defines a macro. So, adding it to
BL*_CPPFLAGS makes more sense. You can reference it not only from
.c files but also from .S files.

Change-Id: Ib4f2f27a3ed3eae476a6a32da7ab5225ad0649de
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge "Read-only xlat tables for BL31 memory" into integration

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who h

Read-only xlat tables for BL31 memory

This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.

The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.

To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.

Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.

The caches are also flushed.

Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466

show more ...

Merge changes from topic "lm/fconf" into integration

* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform

Merge changes from topic "lm/fconf" into integration

* changes:
arm-io: Panic in case of io setup failure
MISRA fix: Use boolean essential type
fconf: Add documentation
fconf: Move platform io policies into fconf
fconf: Add mbedtls shared heap as property
fconf: Add TBBR disable_authentication property
fconf: Add dynamic config DTBs info as property
fconf: Populate properties from dtb during bl2 setup
fconf: Load config dtb from bl1
fconf: initial commit

show more ...

fconf: Add dynamic config DTBs info as property

This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.

The dy

fconf: Add dynamic config DTBs info as property

This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.

The dynamic configuration DTBs properties are moved to a new node:
`dtb-registry`. All the sub-nodes present will be provided to the
dynamic config framework to be loaded. The node currently only contains
the already defined configuration DTBs, but can be extended for future
features if necessary.
The dynamic config framework is modified to use the abstraction provided
by the fconf framework, instead of directly accessing the DTBs.

The trusted-boot properties are kept under the "arm,tb_fw" compatible
string, but in a separate `tb_fw-config` node.
The `tb_fw-config` property of the `dtb-registry` node simply points
to the load address of `fw_config`, as the `tb_fw-config` is currently
part of the same DTB.

Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

Merge "Adds option to read ROTPK from registers for FVP" into integration

Adds option to read ROTPK from registers for FVP

Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
Removes hard-coded developer keys. Instead, setting
ARM_ROTPK_LOCATION=devel_* takes keys fro

Adds option to read ROTPK from registers for FVP

Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
Removes hard-coded developer keys. Instead, setting
ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
In case of ROT_KEY specified - generates a new hash and replaces the
original.

Note: Juno board was tested by original feature author and was not tested
for this patch since we don't have access to the private key. Juno
implementation was moved to board-specific file without changing
functionality. It is not known whether byte-swapping is still needed
for this platform.

Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

show more ...

Merge changes from topic "lm/juno_dyn_cfg" into integration

* changes:
Juno: Use shared mbedtls heap between bl1 and bl2
Juno: add basic support for dynamic config

Juno: add basic support for dynamic config

Add the disable_auth dynamic parameter, that allows to disable the
authentication when TBBR is enabled. This parameter is for development
only.

Change-Id:

Juno: add basic support for dynamic config

Add the disable_auth dynamic parameter, that allows to disable the
authentication when TBBR is enabled. This parameter is for development
only.

Change-Id: Ic24ad16738517f7e07c4f506dcf69a1ae8df7d2d
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

show more ...

Merge "arm: Shorten the Firmware Update (FWU) process" into integration