uniphier: support GZIP-compressed images

Allow to handle GZIP-compressed images by giving FIP_GZIP=1 from the
command line.

- Images are GZIP-compressed, then packed into FIP. If Trusted Board
B

uniphier: support GZIP-compressed images

Allow to handle GZIP-compressed images by giving FIP_GZIP=1 from the
command line.

- Images are GZIP-compressed, then packed into FIP. If Trusted Board
Boot is enabled, certificates are generated based on the compressed
images.

- GZIP decompressor is linked into BL2 to decompress images at
run-time.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

uniphier: add a helper to get image_info

In the next commit, I will have more usecases to get struct image_info
from image ID. It is better to make a helper function at a different
layer. I do not

uniphier: add a helper to get image_info

In the next commit, I will have more usecases to get struct image_info
from image ID. It is better to make a helper function at a different
layer. I do not need the current uniphier_image_descs_fixup() since
the code is small enough to be squashed into the caller side.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

bl1: add bl1_plat_handle_{pre,post}_image_load()

Just like bl2_, add pre/post image load handlers for BL1. No argument
is needed since BL2 is the only image loaded by BL1.

Signed-off-by: Masahiro

bl1: add bl1_plat_handle_{pre,post}_image_load()

Just like bl2_, add pre/post image load handlers for BL1. No argument
is needed since BL2 is the only image loaded by BL1.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

bl2: add bl2_plat_handle_pre_image_load()

There are cases where we need to manipulate image information before
the load. For example, for decompressing data, we cannot load the
compressed images to

bl2: add bl2_plat_handle_pre_image_load()

There are cases where we need to manipulate image information before
the load. For example, for decompressing data, we cannot load the
compressed images to their final destination. Instead, we need to
load them to the temporary buffer for the decompressor.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

plat/common: move arch-agnostic fallback functions to C file

When we add a new callback, we need to duplicate fallbacks among
plat/common/{aarch32,aarch64}/platform_helpers.S This is tedious.

I cr

plat/common: move arch-agnostic fallback functions to C file

When we add a new callback, we need to duplicate fallbacks among
plat/common/{aarch32,aarch64}/platform_helpers.S This is tedious.

I created a new C file, then moved 3 functions:
plat_error_handler
bl2_plat_preload_setup
plat_try_next_boot_source

They are called from C, so I do not see a good reason to implement
them in assembly.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Build: change the first parameter of TOOL_ADD_IMG to lowercase

In the next commit, I need the image name in lowercase because
output files are generally named in lowercase.

Unfortunately, TOOL_ADD_

Build: change the first parameter of TOOL_ADD_IMG to lowercase

In the next commit, I need the image name in lowercase because
output files are generally named in lowercase.

Unfortunately, TOOL_ADD_IMG takes the first argument in uppercase
since we generally use uppercase Make variables.

make_helpers/build_macros.mk provides 'uppercase' macro to convert
a string into uppercase, but 'lowercase' does not exist. We can
implement it if we like, but it would be more straightforward to
change the argument of TOOL_ADD_IMG.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Build: rename FIP_ADD_IMG to TOOL_ADD_IMG

Now FIP_ADD_IMG takes care of both fiptool and cert_create
symmetrically. Rename it so that it matches the behavior.

Signed-off-by: Masahiro Yamada <yamad

Build: rename FIP_ADD_IMG to TOOL_ADD_IMG

Now FIP_ADD_IMG takes care of both fiptool and cert_create
symmetrically. Rename it so that it matches the behavior.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Build: merge build macros between FIP_ and FWU_FIP_

The build system supports generating two FIP images, fip and fwu_fip.
Accordingly, we have similar build macros.

FIP_ADD_PAYLOAD <--> FWU_F

Build: merge build macros between FIP_ and FWU_FIP_

The build system supports generating two FIP images, fip and fwu_fip.
Accordingly, we have similar build macros.

FIP_ADD_PAYLOAD <--> FWU_FIP_ADD_PAYLOAD
CERT_ADD_CMD_OPT <--> FWU_CERT_ADD_CMD_OPT
FIP_ADD_IMG <--> FWU_FIP_ADD_IMG

The duplicated code increases the maintenance burden. Also, the build
rule of BL2U looks clumsy - we want to call MAKE_BL to compile it from
source files, but we want to put it in fwu_fip. We can not do it in a
single macro call since the current MAKE_BL does not support fwu_fip.

To refactor those in a clean way is to support one more argument to
specify the FIP prefix. If it is empty, the images are targeted to
fip, whereas if the argument is "FWU_", targeted to fwu_fip.

The build macros prefixed with FWU_ go away.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Merge pull request #1240 from dp-arm/dp/smccc

Implement support for SMCCC v1.1 and optimize security mitigations for CVE-2017-5715 on AArch64

Merge pull request #1236 from dbasehore/gic-save-restore

RK3399 GIC save/restore

rockchip/rk3399: Fix memory corruptions or illegal memory access

Coverity scan done for the coreboot project found the issue:
Coverity (*** CID 1385418: Memory - illegal accesses (OVERRUN))
Coverity

rockchip/rk3399: Fix memory corruptions or illegal memory access

Coverity scan done for the coreboot project found the issue:
Coverity (*** CID 1385418: Memory - illegal accesses (OVERRUN))
Coverity (*** CID 1385419: Memory - corruptions (OVERRUN))

Fix the Converity error issue with store_cru[] loop needs to be one
element bigger.

Fixes: ARM-software/tf-issues#544

Change-Id: I420f0a660b24baaa5fc5e78fca242cf750c9bbc7
Signed-off-by: Caesar Wang <wxt@rock-chips.com>

show more ...

hikey: fix memory overlapped in memory map

MAP_TSP_MEM could be either in SRAM or DRAM. When MAP_TSP_MEM is in
DRAM, it's overlapped with MAP_DDR.

Since MAP_OPTEE_PAGEABLE isn't used in SRAM case,

hikey: fix memory overlapped in memory map

MAP_TSP_MEM could be either in SRAM or DRAM. When MAP_TSP_MEM is in
DRAM, it's overlapped with MAP_DDR.

Since MAP_OPTEE_PAGEABLE isn't used in SRAM case, just remove it.

Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>

show more ...

Merge pull request #1237 from sandrine-bailleux-arm/sb/spm-timer

SPM: Map devices in the 1st GB

Disable workaround for CVE-2017-5715 on unaffected platforms

Change-Id: Ib67b841ab621ca1ace3280e44cf3e1d83052cb73
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

SPM: Map devices in the 1st GB

This patch maps the devices in the first GB of the system address map
on the FVP into the S-EL1&0 translation regime when SPM support is
enabled. This grants the Secur

SPM: Map devices in the 1st GB

This patch maps the devices in the first GB of the system address map
on the FVP into the S-EL1&0 translation regime when SPM support is
enabled. This grants the Secure Partition access to the devices in
this region, for example the memory-mapped Generic Timer device.

Change-Id: I3aeea65f859ecbe83efde2acee20c55500c451bc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

hikey: fix assert in sec_protect()

`assert(e)` was used in place of `if (e) ERROR()` when sec_protect()
was ported from hikey fork so the logic should have been reversed.

Fixes: 3d5d9f5a ("hikey: c

hikey: fix assert in sec_protect()

`assert(e)` was used in place of `if (e) ERROR()` when sec_protect()
was ported from hikey fork so the logic should have been reversed.

Fixes: 3d5d9f5a ("hikey: configure the top 16MB of DRAM as secure")
Fixes: 52988b38 ("hikey: configure 4 MB of secure DRAM for OP-TEE
Secure Data Path")
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>

show more ...

Merge pull request #1205 from petegriffin/hikey-protect-memory

Hikey protect optee / sdp memory

rockchip: Disable rdist before pwr_dm_suspend is called

This disables the redistributor before either of the pwr_dm_suspend
functions are called. This is because the rdist save code in the
rk3399 ro

rockchip: Disable rdist before pwr_dm_suspend is called

This disables the redistributor before either of the pwr_dm_suspend
functions are called. This is because the rdist save code in the
rk3399 rockchip_soc_sys_pwr_dm_suspend function requires that each
redistributor be disabled before saving state.

Signed-off-by: Derek Basehore <dbasehore@chromium.org>

show more ...

Merge pull request #1232 from masahir0y/uniphier

uniphier: migrate to BL2-AT-EL3

Merge pull request #1231 from Leo-Yan/hikey960_enable_fiq_handling

Hikey960: Enable invalid FIQ handling

Merge pull request #1223 from vchong/poplar_bl1loadsfip

poplar: Enable emmc and recovery build support

Merge pull request #1193 from jwerner-chromium/JW_coreboot

New console API and coreboot support [v4]

uniphier: switch to BL2-AT-EL3 and remove BL1 support

UniPhier platform implements non-TF boot ROM. Prior to the BL2-AT-EL3
support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2
is

uniphier: switch to BL2-AT-EL3 and remove BL1 support

UniPhier platform implements non-TF boot ROM. Prior to the BL2-AT-EL3
support, BL1 (worked as a pseudo ROM) was needed just for ensuring BL2
is entered at EL1-S. Now, this platform is able to avoid this waste.

Enable the BL2_AT_EL3 option, and remove BL1.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

uniphier: set PROGRAMMABLE_RESET_ADDRESS to disable warm boot mailbox

The warm boot mailbox code is compiled if PROGRAMMABLE_RESET_ADDRESS
is disabled.

The warm boot mailbox is useless for UniPhier

uniphier: set PROGRAMMABLE_RESET_ADDRESS to disable warm boot mailbox

The warm boot mailbox code is compiled if PROGRAMMABLE_RESET_ADDRESS
is disabled.

The warm boot mailbox is useless for UniPhier SoC family because BL1
is not the first image. The UniPhier platform implements non-TF ROM,
then BL1 works as a pseudo ROM, so it is never executed in the warm
boot.

The reset vector address is not actually programmable for UniPhier
platform, but it should not hurt to enable PROGRAMMABLE_RESET_ADDRESS
to disable the mailbox and remove pointless plat_get_my_entrypoint.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

hikey: configure 4 MB of secure DRAM for OP-TEE Secure Data Path

Update the memory firewall configuration to reserve 4 MB of secure RAM
for use by the kernel and OP-TEE as the Secure Data Path pool.

hikey: configure 4 MB of secure DRAM for OP-TEE Secure Data Path

Update the memory firewall configuration to reserve 4 MB of secure RAM
for use by the kernel and OP-TEE as the Secure Data Path pool.
Note that this address range (0x3E800000 - 0x3EC00000) falls in the
range already set aside by UEFI (which reserves the upper 32 MB of the
1GB DRAM for OP-TEE [1]) and was previously unused.

[1] https://github.com/96boards-hikey/edk2/blob/hikey/HisiPkg/HiKeyPkg/Library/HiKeyLib/HiKeyMem.c#L44
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Acked-by: Victor Chong <victor.chong@linaro.org>

show more ...