Ensure BL31 does not print to boot console by default

It is not ideal for BL31 to continue to use boot console at
runtime which could be potentially uninitialized. This patch
introduces a new option

Ensure BL31 does not print to boot console by default

It is not ideal for BL31 to continue to use boot console at
runtime which could be potentially uninitialized. This patch
introduces a new optional platform porting API
`bl31_plat_runtime_setup()` which allows the platform to perform
any BL31 runtime setup just prior to BL31 exit during cold boot.
The default weak implementation of this function will invoke
`console_uninit()` which will suppress any BL31 runtime logs.

On the ARM Standard platforms, there is an anomaly that
the boot console will be reinitialized on resumption from
system suspend in `arm_system_pwr_domain_resume()`. This
will be resolved in the following patch.

NOTE: The default weak definition of `bl31_plat_runtime_setup()`
disables the BL31 console. To print the BL31 runtime
messages, platforms must override this API and initialize a
runtime console.

Fixes ARM-software/tf-issues#328

Change-Id: Ibaf8346fcceb447fe1a5674094c9f8eb4c09ac4a

show more ...

Merge pull request #461 from yatharth-arm/yk/nvidia_patch

Include psci.h from tegra platform header

Include psci.h from tegra platform header

The `plat/nvidia/tegra/include/tegra_private.h` file uses resources
from psci.h (for example, psci_power_state_t) but does not explicitly
include psci.h. Th

Include psci.h from tegra platform header

The `plat/nvidia/tegra/include/tegra_private.h` file uses resources
from psci.h (for example, psci_power_state_t) but does not explicitly
include psci.h. This does not currently cause a problem since psci.h
is indirectly included via other headers. However, this may not be
the case in future.

This patch explicitly includes psci.h from tegra_private.h

Change-Id: Ia991147898dbd117c1d3496a95850995a5554c05

show more ...

Merge pull request #456 from soby-mathew/sm/gicv3-tsp-plat-changes-v2

Modify TSP and ARM standard platforms for new GIC drivers v2

Merge pull request #455 from jcastillo-arm/jc/fvp_delay_timer

Fix SP804 delay timer on FVP

Rework use of ARM GIC drivers on ARM platforms

Suport for ARM GIC v2.0 and v3.0 drivers has been reworked to create three
separate drivers instead of providing a single driver that can work on both

Rework use of ARM GIC drivers on ARM platforms

Suport for ARM GIC v2.0 and v3.0 drivers has been reworked to create three
separate drivers instead of providing a single driver that can work on both
versions of the GIC architecture. These drivers correspond to the following
software use cases:

1. A GICv2 only driver that can run only on ARM GIC v2.0 implementations
e.g. GIC-400

2. A GICv3 only driver that can run only on ARM GIC v3.0 implementations
e.g. GIC-500 in a mode where all interrupt regimes use GICv3 features

3. A deprecated GICv3 driver that operates in legacy mode. This driver can
operate only in the GICv2 mode in the secure world. On a GICv3 system, this
driver allows normal world to run in either GICv3 mode (asymmetric mode)
or in the GICv2 mode. Both modes of operation are deprecated on GICv3
systems.

ARM platforms implement both versions of the GIC architecture. This patch adds a
layer of abstraction to help ARM platform ports chose the right GIC driver and
corresponding platform support. This is as described below:

1. A set of ARM common functions have been introduced to initialise the GIC and
the driver during cold and warm boot. These functions are prefixed as
"plat_arm_gic_". Weak definitions of these functions have been provided for
each type of driver.

2. Each platform includes the sources that implement the right functions
directly into the its makefile. The FVP can be instantiated with different
versions of the GIC architecture. It uses the FVP_USE_GIC_DRIVER build option
to specify which of the three drivers should be included in the build.

3. A list of secure interrupts has to be provided to initialise each of the
three GIC drivers. For GIC v3.0 the interrupt ids have to be further
categorised as Group 0 and Group 1 Secure interrupts. For GIC v2.0, the two
types are merged and treated as Group 0 interrupts.

The two lists of interrupts are exported from the platform_def.h. The lists
are constructed by adding a list of board specific interrupt ids to a list of
ids common to all ARM platforms and Compute sub-systems.

This patch also makes some fields of `arm_config` data structure in FVP redundant
and these unused fields are removed.

Change-Id: Ibc8c087be7a8a6b041b78c2c3bd0c648cd2035d8

show more ...

Prepare platforms to use refactored ARM GIC drivers

This patch adds platform helpers for the new GICv2 and GICv3 drivers in
plat_gicv2.c and plat_gicv3.c. The platforms can include the appropriate
f

Prepare platforms to use refactored ARM GIC drivers

This patch adds platform helpers for the new GICv2 and GICv3 drivers in
plat_gicv2.c and plat_gicv3.c. The platforms can include the appropriate
file in their build according to the GIC driver to be used. The existing
plat_gic.c is only meant for the legacy GIC driver.

In the case of ARM platforms, the major changes are as follows:

1. The crash reporting helper macro `arm_print_gic_regs` that prints the GIC CPU
interface register values has been modified to detect the type of CPU
interface being used (System register or memory mappped interface) before
using the right interface to print the registers.

2. The power management helper function that is called after a core is powered
up has been further refactored. This is to highlight that the per-cpu
distributor interface should be initialised only when the core was originally
powered down using the CPU_OFF PSCI API and not when the CPU_SUSPEND PSCI API
was used.

3. In the case of CSS platforms, the system power domain restore helper
`arm_system_pwr_domain_resume()` is now only invoked in the `suspend_finish`
handler as the system power domain is always expected to be initialized when
the `on_finish` handler is invoked.

Change-Id: I7fc27d61fc6c2a60cea2436b676c5737d0257df6

show more ...

Merge pull request #452 from vwadekar/tegra-new-platform-apis-v2

Tegra new platform apis v2

Tegra: remove support for legacy platform APIs

This patch modifies the Tegra port to support the new platform
APIs so that we can disable the compat layer. This includes
modifications to the power m

Tegra: remove support for legacy platform APIs

This patch modifies the Tegra port to support the new platform
APIs so that we can disable the compat layer. This includes
modifications to the power management and platform topology code.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Fix SP804 delay timer on FVP

This patch fixes several issues with the SP804 delay timer on FVP:

* By default, the SP804 dual timer on FVP runs at 32 KHz. In order
to run the timer at 35 MHz (as s

Fix SP804 delay timer on FVP

This patch fixes several issues with the SP804 delay timer on FVP:

* By default, the SP804 dual timer on FVP runs at 32 KHz. In order
to run the timer at 35 MHz (as specified in the FVP user manual)
the Overwrite bit in the SP810 control register must be set.

* The CLKMULT and CLKDIV definitions are mixed up:

delta(us) = delta(ticks) * T(us) = delta(ticks) / f(MHz)

From the delay function:

delta_us = (delta * ops->clk_mult) / ops->clk_div;

Matching both expressions:

1 / f(MHz) = ops->clk_mult / ops->clk_div

And consequently:

f(MHz) = ops->clk_div / ops->clk_mult

Which, for a 35 MHz timer, translates to:

ops->clk_div = 35
ops->clk_mult = 1

* The comment in the delay timer header file has been corrected:
The ratio of the multiplier and the divider is the clock period
in microseconds, not the frequency.

Change-Id: Iffd5ce0a5a28fa47c0720c0336d81b678ff8fdf1

show more ...

Merge pull request #444 from jcastillo-arm/jc/tbb_wdog

Jc/tbb wdog

TBB: add Trusted Watchdog support on ARM platforms

This patch adds watchdog support on ARM platforms (FVP and Juno).
A secure instance of SP805 is used as Trusted Watchdog. It is
entirely managed in

TBB: add Trusted Watchdog support on ARM platforms

This patch adds watchdog support on ARM platforms (FVP and Juno).
A secure instance of SP805 is used as Trusted Watchdog. It is
entirely managed in BL1, being enabled in the early platform setup
hook and disabled in the exit hook. By default, the watchdog is
enabled in every build (even when TBB is disabled).

A new ARM platform specific build option `ARM_DISABLE_TRUSTED_WDOG`
has been introduced to allow the user to disable the watchdog at
build time. This feature may be used for testing or debugging
purposes.

Specific error handlers for Juno and FVP are also provided in this
patch. These handlers will be called after an image load or
authentication error. On FVP, the Table of Contents (ToC) in the FIP
is erased. On Juno, the corresponding error code is stored in the
V2M Non-Volatile flags register. In both cases, the CPU spins until
a watchdog reset is generated after 256 seconds (as specified in
the TBBR document).

Change-Id: I9ca11dcb0fe15af5dbc5407ab3cf05add962f4b4

show more ...

Merge pull request #443 from achingupta/sb/el3_payloads-cb_single_cpu

Add support to boot EL3 payloads and only a single CPU at cold reset

Merge pull request #445 from jcastillo-arm/jc/tf-issues/320

Add NULL pointer check before reading BL32 entry point information

Add basic NOR flash driver for ARM platforms

FVP and Juno platforms include a NOR flash memory to store and
load the FIP, the kernel or a ramdisk. This NOR flash is arranged
as 2 x 16 bit flash devi

Add basic NOR flash driver for ARM platforms

FVP and Juno platforms include a NOR flash memory to store and
load the FIP, the kernel or a ramdisk. This NOR flash is arranged
as 2 x 16 bit flash devices and can be programmed using CFI
standard commands.

This patch provides a basic API to write single 32 bit words of
data into the NOR flash. Functions to lock/unlock blocks against
erase or write operations are also provided.

Change-Id: I1da7ad3105b1ea409c976adc863954787cbd90d2

show more ...

FVP: Do not power off secondary CPUs when booting an EL3 payload

Normally, in the FVP port, secondary CPUs are immediately powered
down if they are powered on at reset. However, when booting an EL3

FVP: Do not power off secondary CPUs when booting an EL3 payload

Normally, in the FVP port, secondary CPUs are immediately powered
down if they are powered on at reset. However, when booting an EL3
payload, we need to keep them powered on as the requirement is for
all CPUs to enter the EL3 payload image. This patch puts them in a
holding pen instead of powering them off.

Change-Id: I6526a88b907a0ddb820bead72f1d350a99b1692c

show more ...

CSS: Put secondary CPUs in a pen when booting an EL3 payload

By default, only the primary CPU is powered on by SCP on CSS
platforms. Secondary CPUs are then powered on later using PSCI
calls.

Howev

CSS: Put secondary CPUs in a pen when booting an EL3 payload

By default, only the primary CPU is powered on by SCP on CSS
platforms. Secondary CPUs are then powered on later using PSCI
calls.

However, it is possible to power on more than one CPU at boot time
using platform specific settings. In this case, several CPUs will
enter the Trusted Firmware and execute the cold boot path code.
This is currently not supported and secondary CPUs will panic.

This patch preserves this behaviour in the normal boot flow.
However, when booting an EL3 payload, secondary CPUs are now held in
a pen until their mailbox is populated, at which point they jump to
this address. Note that, since all CPUs share the same mailbox, they
will all be released from their holding pen at the same time and the
EL3 payload is responsible to arbitrate execution between CPUs if
required.

Change-Id: I83737e0c9f15ca5e73afbed2e9c761bc580735b9

show more ...

CSS: Enable booting of EL3 payloads

This patch adds support for booting EL3 payloads on CSS platforms,
for example Juno. In this scenario, the Trusted Firmware follows
its normal boot flow up to the

CSS: Enable booting of EL3 payloads

This patch adds support for booting EL3 payloads on CSS platforms,
for example Juno. In this scenario, the Trusted Firmware follows
its normal boot flow up to the point where it would normally pass
control to the BL31 image. At this point, it jumps to the EL3
payload entry point address instead.

Before handing over to the EL3 payload, the data SCP writes for AP
at the beginning of the Trusted SRAM is restored, i.e. we zero the
first 128 bytes and restore the SCP Boot configuration. The latter
is saved before transferring the BL30 image to SCP and is restored
just after the transfer (in BL2). The goal is to make it appear that
the EL3 payload is the first piece of software to run on the target.

The BL31 entrypoint info structure is updated to make the primary
CPU jump to the EL3 payload instead of the BL31 image.

The mailbox is populated with the EL3 payload entrypoint address,
which releases the secondary CPUs out of their holding pen (if the
SCP has powered them on). The arm_program_trusted_mailbox() function
has been exported for this purpose.

The TZC-400 configuration in BL2 is simplified: it grants secure
access only to the whole DRAM. Other security initialization is
unchanged.

This alternative boot flow is disabled by default. A new build option
EL3_PAYLOAD_BASE has been introduced to enable it and provide the EL3
payload's entry point address. The build system has been modified
such that BL31 and BL33 are not compiled and/or not put in the FIP in
this case, as those images are not used in this boot flow.

Change-Id: Id2e26fa57988bbc32323a0effd022ab42f5b5077

show more ...

Pass the entry point info to bl1_plat_prepare_exit()

This patch modifies the prototype of the bl1_plat_prepare_exit()
platform API to pass the address of the entry point info structure
received from

Pass the entry point info to bl1_plat_prepare_exit()

This patch modifies the prototype of the bl1_plat_prepare_exit()
platform API to pass the address of the entry point info structure
received from BL2. The structure contains information that can be
useful, depending on the kind of clean up or bookkeeping operations
to perform.

The weak implementation of this function ignores this argument to
preserve platform backwards compatibility.

NOTE: THIS PATCH MAY BREAK PLATFORM PORTS THAT ARE RELYING ON THE
FORMER PROTOTYPE OF THE BL1_PLAT_PREPARE_EXIT() API.

Change-Id: I3fc18f637de06c85719c4ee84c85d6a4572a0fdb

show more ...

Tegra: flowctrl: rename tegra_fc_cpu_idle() to tegra_fc_cpu_powerdn()

This patch renames the tegra_fc_cpu_idle() function to a more appropriate
tegra_fc_cpu_powerdn() to better reflect its usage.

S

Tegra: flowctrl: rename tegra_fc_cpu_idle() to tegra_fc_cpu_powerdn()

This patch renames the tegra_fc_cpu_idle() function to a more appropriate
tegra_fc_cpu_powerdn() to better reflect its usage.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Merge pull request #435 from sandrine-bailleux/sb/juno-r2

Changes to platform reset handler for Juno r2

Juno R2: Configure the correct L2 RAM latency values

The default reset values for the L2 Data & Tag RAM latencies on the
Cortex-A72 on Juno R2 are not suitable. This patch modifies
the Juno platform

Juno R2: Configure the correct L2 RAM latency values

The default reset values for the L2 Data & Tag RAM latencies on the
Cortex-A72 on Juno R2 are not suitable. This patch modifies
the Juno platform reset handler to configure the right settings
on Juno R2.

Change-Id: I20953de7ba0619324a389e0b7bbf951b64057db8

show more ...

Juno: Rework platform reset handler

This patch splits the Juno reset handler in 4 distinct pieces:

- Detection of the board revision;
- Juno R0 specific handler;
- Juno R1 specific handler;
- J

Juno: Rework platform reset handler

This patch splits the Juno reset handler in 4 distinct pieces:

- Detection of the board revision;
- Juno R0 specific handler;
- Juno R1 specific handler;
- Juno R2 specific handler.

Depending on the board revision, the appropriate handler is called.
This makes the code easier to understand and maintain.

This patch is mainly cosmetic. The only functional change introduced
is that the Juno platform reset handler will now spin infinitely if
the board revision is not recognised. Previously, it would have
assumed that it was running on Juno R1 in this case.

Change-Id: I54ed77c4665085ead9d1573316c9c884d7d3ffa0

show more ...

Add NULL pointer check before reading BL32 entry point information

BL2 is responsible for loading BL32 and passing a pointer to the
BL32 entrypoint info to BL31 in the BL31 parameters. If no BL32
im

Add NULL pointer check before reading BL32 entry point information

BL2 is responsible for loading BL32 and passing a pointer to the
BL32 entrypoint info to BL31 in the BL31 parameters. If no BL32
image is loaded, a NULL pointer is passed. The platform is
responsible for accessing BL31 parameters and extracting the
corresponding BL32 EP info.

In ARM platforms, arm_bl31_early_platform_setup() dereferences the
pointer to the BL32 EP info without checking first if the pointer
is NULL. This will cause an exception if a BL32 entrypoint has not
been populated by BL2. FVP and Juno are not affected because they
always define BL32_BASE, irrespective of whether a BL32 image is
included in the FIP or not.

This patches fixes the issue by checking the BL32 ep_info pointer
before trying to access the data.

If `RESET_TO_BL31` is enabled, the BL32 entrypoint is not
populated if BL32_BASE is not defined.

NOTE: Maintainers of partner platforms should check for this issue
in their ports.

Fixes ARM-software/tf-issues#320

Change-Id: I31456155503f2765766e8b7cd30ab4a40958fb96

show more ...

Tegra: introduce per-soc system reset handler

This patch adds a per-soc system reset handler for Tegra chips. The
handler gets executed before the actual system resets. This allows
for custom handli

Tegra: introduce per-soc system reset handler

This patch adds a per-soc system reset handler for Tegra chips. The
handler gets executed before the actual system resets. This allows
for custom handling of the system reset sequence on each SoC.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...