Merge "refactor(console): disable getc() by default" into integration

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A

refactor(console): disable getc() by default

The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.

Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.

This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.

The following changes are introduced when getc() is disabled:

- The multi-console framework no longer provides the console_getc()
function.

- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.

If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up

If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'

- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.

[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.

Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/

Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>

show more ...

Merge "perf(imx): speed-up console/uart TX using FIFO" into integration

perf(imx): speed-up console/uart TX using FIFO

The current putc version test for TXEMPTY bit set (#6) instead
of waiting for TXFULL bit clear (#4), that slows the global
boot time as we are not taki

perf(imx): speed-up console/uart TX using FIFO

The current putc version test for TXEMPTY bit set (#6) instead
of waiting for TXFULL bit clear (#4), that slows the global
boot time as we are not taking benefit of the 32-byte FIFO.

We then need to implement the flush function to be sure the
transmit is complete (FIFO and shift register empty).

Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Change-Id: I54873a5203e2afdc230e44ce73284e7a80985b4f

show more ...

Merge "Don't return error information from console_flush" into integration

Don't return error information from console_flush

And from crash_console_flush.

We ignore the error information return by console_flush in _every_
place where we call it, and casting the return typ

Don't return error information from console_flush

And from crash_console_flush.

We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.

Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>

show more ...

Merge changes from topic "console_t_drvdata_fix" into integration

* changes:
imx: console: Use CONSOLE_T_BASE for UART base address
Tegra: spe: use CONSOLE_T_BASE to save MMIO base address

imx: console: Use CONSOLE_T_BASE for UART base address

Since commit ac71344e9eca we have the UART base address in the generic
console_t structure. For most platforms the platform-specific struct
con

imx: console: Use CONSOLE_T_BASE for UART base address

Since commit ac71344e9eca we have the UART base address in the generic
console_t structure. For most platforms the platform-specific struct
console is gone, so we *must* use the embedded base address, since there
is no storage behind the generic console_t anymore.

Replace the usage of CONSOLE_T_DRVDATA with CONSOLE_T_BASE to fix this.

Change-Id: I6d2ab0bc2c845c71f98b9dd64d89eef3252f4591
Reported-by: Varun Wadekar <vwadekar@nvidia.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge pull request #1920 from ambroise-arm/av/deprecated

Remove deprecated interfaces

Console: remove deprecated finish_console_register

The old version of the macro is deprecated.

Commit cc5859ca19ff ("Multi-console: Deprecate the
`finish_console_register` macro") provides more det

Console: remove deprecated finish_console_register

The old version of the macro is deprecated.

Commit cc5859ca19ff ("Multi-console: Deprecate the
`finish_console_register` macro") provides more details.

Change-Id: I3d1cdf6496db7d8e6cfbb5804f508ff46ae7e67e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

show more ...

Merge pull request #1755 from Anson-Huang/lpuart

make lpuart and imx uart work for debug mode

imx: make imx uart work for debug mode

With DEBUG_CONSOLE enabled, build will fail for imx8mq platform:

./build/imx8mq/release/bl31/imx8mq_bl31_setup.o:
In function `bl31_early_platform_setup2':
im

imx: make imx uart work for debug mode

With DEBUG_CONSOLE enabled, build will fail for imx8mq platform:

./build/imx8mq/release/bl31/imx8mq_bl31_setup.o:
In function `bl31_early_platform_setup2':
imx8mq_bl31_setup.c:(.text.bl31_early_platform_setup2+0x40):
undefined reference to `console_uart_register'
Makefile:741: recipe for target 'build/imx8mq/release/bl31/bl31.elf' failed
make: *** [build/imx8mq/release/bl31/bl31.elf] Error 1

Besides, the .console_flush callback needs to be added to avoid
panic when debug mode is enabled, since the console_flush() will
call it without checking whether the function callback is valid.

Signed-off-by: Anson Huang <Anson.Huang@nxp.com>

show more ...

Merge pull request #1653 from JackyBai/master

Add NXP i.MX8MQ basic support

plat: imx: Add i.MX8MQ basic support

i.MX8MQ is new SOC of NXP's i.MX8M family based on
A53. It can provide industry-leading audio, voice
and video processing for applications that scale
from consum

plat: imx: Add i.MX8MQ basic support

i.MX8MQ is new SOC of NXP's i.MX8M family based on
A53. It can provide industry-leading audio, voice
and video processing for applications that scale
from consumer home audio to industrial building
automation and mobile computers

this patchset add the basic supoort to boot up
the 4 X A53. more feature will be added later.

Signed-off-by: Bai Ping <ping.bai@nxp.com>

show more ...