Add and use plat_crash_console_flush() API

This API makes sure that all the characters sent to the crash console
are output before returning from it.

Porting guide updated.

Change-Id: I1785f970a40

Add and use plat_crash_console_flush() API

This API makes sure that all the characters sent to the crash console
are output before returning from it.

Porting guide updated.

Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #879 from Summer-ARM/sq/mt-support

ARM platforms: Add support for MT bit in MPIDR

ARM platforms: Add support for MT bit in MPIDR

This patch modifies some of the functions in ARM platform layer to cater
for the case when multi-threading `MT` is set in MPIDR. A new build flag
`ARM_

ARM platforms: Add support for MT bit in MPIDR

This patch modifies some of the functions in ARM platform layer to cater
for the case when multi-threading `MT` is set in MPIDR. A new build flag
`ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR
now assume that the `MT` bit is set for the platform and access the bit
fields accordingly.

Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is
enabled, returning the PE count within the physical cpu corresponding to
`mpidr`.

Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb
Signed-off-by: Summer Qin <summer.qin@arm.com>

show more ...

Move plat/common source file definitions to generic Makefiles

These source file definitions should be defined in generic
Makefiles so that all platforms can benefit. Ensure that the
symbols are prop

Move plat/common source file definitions to generic Makefiles

These source file definitions should be defined in generic
Makefiles so that all platforms can benefit. Ensure that the
symbols are properly marked as weak so they can be overridden
by platforms.

NOTE: This change is a potential compatibility break for
non-upstream platforms.

Change-Id: I7b892efa9f2d6d216931360dc6c436e1d10cffed
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

ARM platforms: Enable xlat tables lib v2

Modify ARM common makefile to use version 2 of the translation tables
library and include the new header in C files.

Simplify header dependencies related to

ARM platforms: Enable xlat tables lib v2

Modify ARM common makefile to use version 2 of the translation tables
library and include the new header in C files.

Simplify header dependencies related to this library to simplify the
change.

The following table contains information about the size increase in
bytes for BL1 after applying this patch. The code has been compiled for
different configurations of FVP in AArch64 mode with compiler GCC 4.9.3
20150413. The sizes have been calculated with the output of `nm` by
adding the size of all regions and comparing the total size before and
after the change. They are sumarized in the table below:

text bss data total
Release +660 -20 +88 +728
Debug +740 -20 +242 +962
Debug (LOG_LEVEL=50) +1120 -20 +317 +1417

Change-Id: I539e307f158ab71e3a8b771640001fc1bf431b29
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #834 from douglas-raillard-arm/dr/use_dc_zva_zeroing

Use DC ZVA instruction to zero memory

PSCI: Decouple PSCI stat residency calculation from PMF

This patch introduces the following three platform interfaces:

* void plat_psci_stat_accounting_start(const psci_power_state_t *state_info)

PSCI: Decouple PSCI stat residency calculation from PMF

This patch introduces the following three platform interfaces:

* void plat_psci_stat_accounting_start(const psci_power_state_t *state_info)

This is an optional hook that platforms can implement in order
to perform accounting before entering a low power state. This
typically involves capturing a timestamp.

* void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info)

This is an optional hook that platforms can implement in order
to perform accounting after exiting from a low power state. This
typically involves capturing a timestamp.

* u_register_t plat_psci_stat_get_residency(unsigned int lvl,
const psci_power_state_t *state_info,
unsigned int last_cpu_index)

This is an optional hook that platforms can implement in order
to calculate the PSCI stat residency.

If any of these interfaces are overridden by the platform, it is
recommended that all of them are.

By default `ENABLE_PSCI_STAT` is disabled. If `ENABLE_PSCI_STAT`
is set but `ENABLE_PMF` is not set then an alternative PSCI stat
collection backend must be provided. If both are set, then default
weak definitions of these functions are provided, using PMF to
calculate the residency.

NOTE: Previously, platforms did not have to explicitly set
`ENABLE_PMF` since this was automatically done by the top-level
Makefile.

Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

Replace some memset call by zeromem

Replace all use of memset by zeromem when zeroing moderately-sized
structure by applying the following transformation:
memset(x, 0, sizeof(x)) => zeromem(x, sizeo

Replace some memset call by zeromem

Replace all use of memset by zeromem when zeroing moderately-sized
structure by applying the following transformation:
memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x))

As the Trusted Firmware is compiled with -ffreestanding, it forbids the
compiler from using __builtin_memset and forces it to generate calls to
the slow memset implementation. Zeromem is a near drop in replacement
for this use case, with a more efficient implementation on both AArch32
and AArch64.

Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...

Use #ifdef for AARCH32 instead of #if

One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.

For the former gr

Use #ifdef for AARCH32 instead of #if

One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.

For the former group, "#if FOO" or "#if !FOO" must be used because
"#ifdef FOO" is always true. (Options passed by $(call add_define,)
are the cases.)

For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
checking the value of an undefined macro is strange.

For AARCH32/AARCH64, these macros are defined in the top-level
Makefile as follows:

ifeq (${ARCH},aarch32)
$(eval $(call add_define,AARCH32))
else
$(eval $(call add_define,AARCH64))
endif

This means only one of the two is defined. So, AARCH32/AARCH64
belongs to the latter group where we should use #ifdef or #ifndef.
The conditionals are mostly coded correctly, but I see some mistakes.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Use #ifdef for IMAGE_BL* instead of #if

One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.

For the former

Use #ifdef for IMAGE_BL* instead of #if

One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.

For the former group, "#if FOO" or "#if !FOO" must be used because
"#ifdef FOO" is always true. (Options passed by $(call add_define,)
are the cases.)

For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
checking the value of an undefined macro is strange.

Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like
follows:

$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))

$(OBJ): $(2)
@echo " CC $$<"
$$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@

This means, IMAGE_BL* is defined when building the corresponding
image, but *undefined* for the other images.

So, IMAGE_BL* belongs to the latter group where we should use #ifdef
or #ifndef.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Move BL_COHERENT_RAM_BASE/END defines to common_def.h

We have lots of duplicated defines (and comment blocks too).
Move them to include/plat/common/common_def.h.

While we are here, suffix the end a

Move BL_COHERENT_RAM_BASE/END defines to common_def.h

We have lots of duplicated defines (and comment blocks too).
Move them to include/plat/common/common_def.h.

While we are here, suffix the end address with _END instead of
_LIMIT. The _END is a better fit to indicate the linker-derived
real end address.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Use *_END instead of *_LIMIT for linker derived end addresses

The usage of _LIMIT seems odd here, so rename as follows:
BL_CODE_LIMIT --> BL_CODE_END
BL_RO_DATA_LIMIT --> BL_RO_DATA_END
B

Use *_END instead of *_LIMIT for linker derived end addresses

The usage of _LIMIT seems odd here, so rename as follows:
BL_CODE_LIMIT --> BL_CODE_END
BL_RO_DATA_LIMIT --> BL_RO_DATA_END
BL1_CODE_LIMIT --> BL1_CODE_END
BL1_RO_DATA_LIMIT --> BL1_RO_DATA_END

Basically, we want to use _LIMIT and _END properly as follows:
*_SIZE + *_MAX_SIZE = *_LIMIT
*_SIZE + *_SIZE = *_END

The _LIMIT is generally defined by platform_def.h to indicate the
platform-dependent memory constraint. So, its typical usage is
ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.")
in a linker script.

On the other hand, _END is used to indicate the end address of the
compiled image, i.e. we do not know it until the image is linked.

Here, all of these macros belong to the latter, so should be
suffixed with _END.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge pull request #791 from jeenu-arm/asm-assert-32

AArch32: Print ASM_ASSERT and panic messages

Merge pull request #793 from jeenu-arm/gic-changes

GIC driver changes for extended power management

Fix integer overflows in BL1 FWU code

Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it do

Fix integer overflows in BL1 FWU code

Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it does then consider
the input arguments are invalid.

As a result, bl1_plat_mem_check() can now safely assume the
end address (computed as the sum of the base address and size
of the memory region) doesn't overflow, as the validation is
done upfront in bl1_fwu_image_copy/auth(). A debug assertion
has been added nonetheless in the ARM implementation in order
to help catching such problems, should bl1_plat_mem_check()
be called in a different context in the future.

Fixes TFV-1: Malformed Firmware Update SMC can result in copy
of unexpectedly large data into secure memory

Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>

show more ...

Merge pull request #785 from dp-arm/dp/nvcounter

AArch32: Print ASM_ASSERT and panic messages

ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line n

AArch32: Print ASM_ASSERT and panic messages

ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line number upon assembly assert failure.

Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

tbbr: Fix updating of Non-Trusted NV counter

The previous code required that a certificate be signed with the ROT
key before the platform's NV counter could be updated with the value
in the certific

tbbr: Fix updating of Non-Trusted NV counter

The previous code required that a certificate be signed with the ROT
key before the platform's NV counter could be updated with the value
in the certificate. This implies that the Non-Trusted NV counter was
not being updated for Non-Trusted content certificates, as they cannot
be signed with the ROT key in the TBBR CoT scheme.

The code is reworked to only allow updating the platform's Trusted NV
counter when a certificate protected by the Trusted NV counter is
signed with the ROT key.

Content certificates protected by the Non-Trusted NV counter are
allowed to update the platform's Non-Trusted NV counter, assuming
that the certificate value is higher than the platform's value.

A new optional platform API has been introduced, named
plat_set_nv_ctr2(). Platforms may choose to implement it and perform
additional checks based on the authentication image descriptor before
modifying the NV counters. A default weak implementation is available
that just calls into plat_set_nv_ctr().

Fixes ARM-software/tf-issues#426

Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

Introduce ARM platform APIs for GICv3 Redistributor

As with other ARM platform GIC APIs, these directly invoke the GICv3
driver APIs for Redistributor power management.

For the sake of uniform GIC

Introduce ARM platform APIs for GICv3 Redistributor

As with other ARM platform GIC APIs, these directly invoke the GICv3
driver APIs for Redistributor power management.

For the sake of uniform GIC API, empty stubs are placed for those GIC
drivers that lack Redistributor component.

Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1

This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU)
support, for AArch64, when LOAD_IMAGE_V2 is enabled.

This patch also enables LOA

Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1

This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU)
support, for AArch64, when LOAD_IMAGE_V2 is enabled.

This patch also enables LOAD_IMAGE_V2 for ARM platforms.

Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>

show more ...

Allow ARM Standard platforms to dynamically define PSCI capability

The capabilities exposed by the PSCI generic layer depends on the hooks
populated by the platform in `plat_arm_psci_pm_ops`. Curren

Allow ARM Standard platforms to dynamically define PSCI capability

The capabilities exposed by the PSCI generic layer depends on the hooks
populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM
Standard platforms statically define this structure. However, some
platforms may want to modify the hooks at runtime before registering
them with the generic layer.

This patch introduces a new ARM platform layer API
`plat_arm_psci_override_pm_ops` which allows the platform to probe
the power controller and modify `plat_arm_psci_pm_ops` if required.
Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as
`const` on ARM Standard platforms.

Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Clarify dependency for PSCI_EXTENDED_STATE_ID

Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC
that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM
platforms. Also cl

Clarify dependency for PSCI_EXTENDED_STATE_ID

Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC
that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM
platforms. Also clarify the build error message.

Change-Id: Id125a0299b179f5f222bca4e2503204bf89a3c59
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...

Introduce ARM SiP service

This patch adds ARM SiP service for use by ARM standard platforms.
This service is added to support the SMC interface for the Performance
measurement framework(PMF).

Chang

Introduce ARM SiP service

This patch adds ARM SiP service for use by ARM standard platforms.
This service is added to support the SMC interface for the Performance
measurement framework(PMF).

Change-Id: I26f5712f9ab54f5f721dd4781e35a16f40aacc44
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

AArch32: Support in SP_MIN to receive arguments from BL2

This patch adds support in SP_MIN to receive generic and
platform specific arguments from BL2.

The new signature is as following:
void s

AArch32: Support in SP_MIN to receive arguments from BL2

This patch adds support in SP_MIN to receive generic and
platform specific arguments from BL2.

The new signature is as following:
void sp_min_early_platform_setup(void *from_bl2,
void *plat_params_from_bl2);

ARM platforms have been modified to use this support.

Note: Platforms may break if using old signature.
Default value for RESET_TO_SP_MIN is changed to 0.

Change-Id: I008d4b09fd3803c7b6231587ebf02a047bdba8d0

show more ...

AArch32: Add ARM platform changes in BL2

This patch adds ARM platform changes in BL2 for AArch32 state.
It instantiates a descriptor array for ARM platforms describing
image and entrypoint informati

AArch32: Add ARM platform changes in BL2

This patch adds ARM platform changes in BL2 for AArch32 state.
It instantiates a descriptor array for ARM platforms describing
image and entrypoint information for `SCP_BL2`, `BL32` and `BL33`.
It also enables building of BL2 for ARCH=aarch32.

Change-Id: I60dc7a284311eceba401fc789311c50ac746c51e

show more ...