Additional runtime check for DTB presence in BL2

In Mbed TLS shared heap code, an additional sanity check is introduced
in BL2. Currently, when BL2 shares heap with BL1, it expects the heap
info to

Additional runtime check for DTB presence in BL2

In Mbed TLS shared heap code, an additional sanity check is introduced
in BL2. Currently, when BL2 shares heap with BL1, it expects the heap
info to be found in the DTB. If for any reason the DTB is missing, BL2
cannot have the heap address and, hence, Mbed TLS cannot proceed. So,
BL2 cannot continue executing and it will eventually crash. With this
change we ensure that if the DTB is missing BL2 will panic() instead of
having an unpredictable crash.

Change-Id: I3045ae43e54b7fe53f23e7c2d4d00e3477b6a446
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

show more ...

Slight improvements in Mbed TLS shared heap helpers

This patch, firstly, makes the error messages consistent to how printed
strings are usually formatted. Secondly, it removes an unnecessary #if
dir

Slight improvements in Mbed TLS shared heap helpers

This patch, firstly, makes the error messages consistent to how printed
strings are usually formatted. Secondly, it removes an unnecessary #if
directive.

Change-Id: Idbb8ef0070562634766b683ac65f8160c9d109e6
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

show more ...

drivers: mentor: extract MI2CV driver from Marvell driver

The Marvell A8K SoCs use the MI2CV IP core from Mentor Graphics, which
is also used by Allwinner.

As Mentor Graphics allows a lot of custom

drivers: mentor: extract MI2CV driver from Marvell driver

The Marvell A8K SoCs use the MI2CV IP core from Mentor Graphics, which
is also used by Allwinner.

As Mentor Graphics allows a lot of customization, the MI2CV in the two
SoC families are not compatible, and driver modifications are needed.

Extract the common code to a MI2CV driver.

Signed-off-by: Icenowy Zheng <icenowy@aosc.io>

show more ...

Merge pull request #1558 from jenswi-linaro/qemu-update

Qemu updates

Merge pull request #1515 from bryanodonoghue/atf-master+linaro-warp7-squash-v4

Atf master+linaro warp7 squash v4

Merge pull request #1554 from jts-arm/mbed

Mbed TLS shared heap

plat: qemu: update the early platform setup API

Replaces deprecated early platform setup APIs

* Replaces bl31_early_platform_setup() with bl31_early_platform_setup2()
* Replaces bl2_early_platform_

plat: qemu: update the early platform setup API

Replaces deprecated early platform setup APIs

* Replaces bl31_early_platform_setup() with bl31_early_platform_setup2()
* Replaces bl2_early_platform_setup() with bl2_early_platform_setup2()

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

warp7: Add warp7 platform to the build

Previous changes in this series made the necessary driver additions and
updates. With those changes in-place we can add the platform.mk and
bl2_el3_setup.c to

warp7: Add warp7 platform to the build

Previous changes in this series made the necessary driver additions and
updates. With those changes in-place we can add the platform.mk and
bl2_el3_setup.c to drive the boot process.

After this commit its possible to build a fully-functional TF-A for the
WaRP7 and boot from the BootROM to the Linux command prompt in secure or
non-secure mode.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

warp7: panic: hab: Call into BootROM failsafe on panic path

This patch adds a callback into the BootROM's provided High Assurance Boot
(HAB) failsafe function when panicking i.e. the call is done wi

warp7: panic: hab: Call into BootROM failsafe on panic path

This patch adds a callback into the BootROM's provided High Assurance Boot
(HAB) failsafe function when panicking i.e. the call is done without making
use of stack.

The HAB failsafe function allows a piece of software to call into the
BootROM and place the processor into failsafe mode.

Failsafe mode is a special mode which presents a serial download protocol
interface over UART or USB at the time of writing.

If the board has been set into secure mode, then only a signed binary can
be used to recover the board.

Thus failsafe gives a putatively secure method of performing a secure
recovery over UART or USB.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>

show more ...

warp7: mem_params_desc: Add boot entries to mem params array

This patch adds entries to the mem params array for

- BL32
- BL32_EXTRA1
- BL32_EXTRA2
- BL33
- HW_CONFIG_ID

BL32 is marked as bootable

warp7: mem_params_desc: Add boot entries to mem params array

This patch adds entries to the mem params array for

- BL32
- BL32_EXTRA1
- BL32_EXTRA2
- BL33
- HW_CONFIG_ID

BL32 is marked as bootable to indicate that OPTEE is the thing that should
be booted next.

In our model OPTEE chain-loads onto u-boot so only BL32 is bootable.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

warp7: io_storage: Add initial stub warp7_io_storage.c

This commit adds support for parsing a FIP pre-loaded by a previous
boot-phase such as u-boot or via ATF reading directly from eMMC.

[bod: squ

warp7: io_storage: Add initial stub warp7_io_storage.c

This commit adds support for parsing a FIP pre-loaded by a previous
boot-phase such as u-boot or via ATF reading directly from eMMC.

[bod: squashing several patches from Rui, Jun and bod]

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Jun Nie <jun.nie@linaro.org>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

warp7: Define a platform_def.h

This patch defines a platform_def.h describing

- FIP layout and location
- eMMC device select
- UART identity select
- System clock frequency
- Operational memory map

warp7: Define a platform_def.h

This patch defines a platform_def.h describing

- FIP layout and location
- eMMC device select
- UART identity select
- System clock frequency
- Operational memory map

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jun Nie <jun.nie@linaro.org>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

warp7: mem_params_desc: Add a file which exports a REGISTER_BL_IMAGE_DESCS

In order to link even a basic image we need to declare
REGISTER_BL_IMAGE_DESCS. This patch declares an empty structure whic

warp7: mem_params_desc: Add a file which exports a REGISTER_BL_IMAGE_DESCS

In order to link even a basic image we need to declare
REGISTER_BL_IMAGE_DESCS. This patch declares an empty structure which is
passed to REGISTER_BL_IMAGE_DESCS(). Later patches will add in some
meaningful data.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

warp7: Add a warp7_private.h file

Internal declarations for the WaRP7 port will go here. For now just include
sys/types.h.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

warp7: image_load: Add warp7_image_load.c

This commit adds warp7_image_load.c with the functions

- plat_flush_next_bl_params()
- plat_get_bl_image_load_info()
- plat_get_next_bl_params()

Signed-of

warp7: image_load: Add warp7_image_load.c

This commit adds warp7_image_load.c with the functions

- plat_flush_next_bl_params()
- plat_get_bl_image_load_info()
- plat_get_next_bl_params()

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

warp7: Add initial warp7_helpers.S

This commit adds a warp7_helpers.S which contains a implementation of:

- platform_mem_init
- plat_get_my_entrypoint
- plat_crash_console_init
- plat_crash_console

warp7: Add initial warp7_helpers.S

This commit adds a warp7_helpers.S which contains a implementation of:

- platform_mem_init
- plat_get_my_entrypoint
- plat_crash_console_init
- plat_crash_console_putc

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

imx: imx_wdog: Add code to initialize the wdog block

The watchdog block on the IMX is mercifully simple. This patch maps the
various registers and bits associated with the block.

We are mostly only

imx: imx_wdog: Add code to initialize the wdog block

The watchdog block on the IMX is mercifully simple. This patch maps the
various registers and bits associated with the block.

We are mostly only really interested in the power-down-enable (PDE) bits in
the block for the purposes of ATF.

The i.MX7 Solo Applications Processor Reference Manual details the PDE bit
as follows:

"Power Down Enable bit. Reset value of this bit is 1, which means the power
down counter inside the WDOG is enabled after reset. The software must
write 0 to this bit to disable the counter within 16 seconds of reset
de-assertion. Once disabled this counter cannot be enabled again. See
Power-down counter event for operation of this counter."

This patch does that zero write in-lieu of later phases in the boot
no-longer have the necessary permissions to rewrite the PDE bit directly.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

imx: imx_caam: Add code to initialize the CAAM job-rings to NS-world

This patch defines the most basic part of the CAAM and the only piece of
the CAAM silicon we are really interested in, in ATF, th

imx: imx_caam: Add code to initialize the CAAM job-rings to NS-world

This patch defines the most basic part of the CAAM and the only piece of
the CAAM silicon we are really interested in, in ATF, the CAAM control
structure.

The CAAM itself is a huge address space of some 32k, way out of scope for
the purpose we have in ATF.

This patch adds a simple CAAM init function that assigns ownership of the
CAAM job-rings to the non-secure MID with the ownership bit set to
non-secure.

This will allow later logic in the boot process such as OPTEE, u-boot and
Linux to assign job-rings as appropriate, restricting if necessary but
leaving open the main functionality of the CAAM to the Linux NS runtime.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

qemu: make LOAD_IMAGE_V2=1 mandatory

The QEMU platform has only been used with LOAD_IMAGE_V2=1 for some time
now and bit rot has occurred for LOAD_IMAGE_V2=0. To ease the
maintenance make LOAD_IMAGE

qemu: make LOAD_IMAGE_V2=1 mandatory

The QEMU platform has only been used with LOAD_IMAGE_V2=1 for some time
now and bit rot has occurred for LOAD_IMAGE_V2=0. To ease the
maintenance make LOAD_IMAGE_V2=1 mandatory and remove the platform
specific code for LOAD_IMAGE_V2=0.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

zynqmp: Define and enable ARM_XLAT_TABLES_LIB_V1

Enable ARM_XLAT_TABLES_LIB_V1 as ZynqMP is using
v1 library of translation tables.

With upstream patch d323af9e3d903d981b42f954844a95a6bfef91ab,
the

zynqmp: Define and enable ARM_XLAT_TABLES_LIB_V1

Enable ARM_XLAT_TABLES_LIB_V1 as ZynqMP is using
v1 library of translation tables.

With upstream patch d323af9e3d903d981b42f954844a95a6bfef91ab,
the usage of MAP_REGION_FLAT is referring to definition in file
include/lib/xlat_tables/xlat_tables_v2.h but while preparing
xlat tables in lib/xlat_tables/xlat_tables_common.c it is referring
to include/lib/xlat_tables/xlat_tables.h which is v1 xlat tables.
Also, ZynqMP was using v1 so defined ARM_XLAT_TABLES_LIB_V1 to
use v1 xlat tables everywhere.
This fixes the issue of xlat tables failures as it takes v2
library mmap_region structure in some files and v1 in other
files.

Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

show more ...

imx: imx_hab: Define a HAB header file

The High Assurance Boot or HAB is an on-chip method of providing a
root-of-trust from the reset vector to subsequent stages in the bootup
flow of the Cortex-A7

imx: imx_hab: Define a HAB header file

The High Assurance Boot or HAB is an on-chip method of providing a
root-of-trust from the reset vector to subsequent stages in the bootup
flow of the Cortex-A7 on the i.MX series of processors.

This patch adds a simple header file with pointer offsets of the provided
set of HAH API callbacks in the BootROM.

The relative offset of the function pointers is a constant and known
quantum, a software-contract between NXP and an implementation which is
defined in the NXP HAB documentation.

All we need is the correct base offset and then we can map the set of
function pointers relative to that offset.

imx_hab_arch.h provides the correct offset and the imx_hab.h hooks the
offset to the pre-determined callbacks.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>

show more ...

imx7: hab_arch: Provide a hab_arch.h file

In order to enable compile time differences in HAB interaction, we should
split out the definition of the base address of the HAB API.

Some version of the

imx7: hab_arch: Provide a hab_arch.h file

In order to enable compile time differences in HAB interaction, we should
split out the definition of the base address of the HAB API.

Some version of the i.MX series have different offsets from the BootROM
base for the HAB callback table.

This patch defines the header into which we will define the i.MX7 specific
offset. The offset of the i.MX7 function-callback table is simultaneously
defined.

Once done, we can latch a set of common function pointer locations from the
offset given here and if necessary change the offset for different
processors without any other code-change.

For now all we support is i.MX7 so the only offset being defined is that
for the i.MX7.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Ryan Harkin <ryan.harkin@linaro.org>

show more ...

imx: imx_snvs: Add an SNVS core functionality

This patch adds snvs.c with a imx_snvs_init() function.

imx_snvs_init() sets up permissions of the RTC via the SNVS HPCOMR.

During previous work with

imx: imx_snvs: Add an SNVS core functionality

This patch adds snvs.c with a imx_snvs_init() function.

imx_snvs_init() sets up permissions of the RTC via the SNVS HPCOMR.

During previous work with OPTEE on the i.MX7 part we discovered that prior
to switching from secure-world to normal-world it is required to apply more
permissive permissions than are defaulted to in order for Linux to be able
to access the RTC and CAAM functionality in general.

This patch pertains to fixing the RTC permissions by way of the
HPCOMR.NPSWA_EN bit.

Once set non-privileged code aka Linux-kernel code has permissions to
access the SNVS where the RTC resides.

Perform that permissions fix in imx_snvs_init() now, with a later patch making
the call from our platform setup code.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

imx: imx_snvs: Define a SNVS header and memory map

This commit defines two things.

- The basic SNVS memory map. At the moment that is total overkill for the
permission bits we need to set inside

imx: imx_snvs: Define a SNVS header and memory map

This commit defines two things.

- The basic SNVS memory map. At the moment that is total overkill for the
permission bits we need to set inside the SNVS but, for the sake of
completeness define the whole SNVS area as a struct.

- The bits of the HPCOMR register

A permission fix will need to be applied to the SNVS block prior to
switching on TrustZone. All we need to do is waggle a bit in the HPCOMR
register. To do that waggle we first need to define the bits of the
HPCOMR register.

- A imx_snvs_init() function definition

Declare the snvs_init() function so that it can be called from our
platform setup code.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

imx: imx_csu: Add a simple CSU layer

- Add a header to define imx_csu_init().
- Defines the Central Security Unit's Config Security Level
permission bits.
- Define CSU_CSL_OPEN_ACCESS permission b

imx: imx_csu: Add a simple CSU layer

- Add a header to define imx_csu_init().
- Defines the Central Security Unit's Config Security Level
permission bits.
- Define CSU_CSL_OPEN_ACCESS permission bitmask
- Run a loop to setup peripheral CSU permissions

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...