SPMD: generate and add Secure Partition blobs into FIP

Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
whic

SPMD: generate and add Secure Partition blobs into FIP

Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
which need to be inserted into FIP. To achieve this we need a more
scalable approach to feed SP packages to FIP.

This patch introduces changes in build system to generate and add SP
packages into FIP based on information provided by platform.
Platform provides information in form of JSON which contains layout
description of available Secure Partitions.
JSON parser script is invoked by build system early on and generates
a makefile which updates FIP, SPTOOL and FDT arguments which will be
used by build system later on for final packaging.

"SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A
tree. This option will be used only when SPD=spmd.

For each SP, generated makefile will have following entries
- FDT_SOURCES += sp1.dts
- SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg
- FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7

show more ...

Tegra: spe: uninit console on a timeout

There are chances a denial-of-service attack, if an attacker
removes the SPE firmware from the system. The console driver
would end up waiting for the firmwar

Tegra: spe: uninit console on a timeout

There are chances a denial-of-service attack, if an attacker
removes the SPE firmware from the system. The console driver
would end up waiting for the firmware to respond indefinitely.
The console driver must detect such scenarios and uninit the
interface as a result.

This patch adds a timeout to the interaction with the SPE
firmware and uninits the interface if it times out.

Change-Id: I06f27a858baed25711d41105b4110865f1a01727
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: handler to check support for System Suspend

Tegra210 SoCs need the sc7entry-fw to enter System Suspend mode,
but there might be certain boards that do not have this firmware
blob. To stop the

Tegra: handler to check support for System Suspend

Tegra210 SoCs need the sc7entry-fw to enter System Suspend mode,
but there might be certain boards that do not have this firmware
blob. To stop the NS world from issuing System suspend entry
commands on such devices, we ned to disable System Suspend from
the PSCI "features".

This patch removes the System suspend handler from the Tegra PSCI
ops, so that the framework will disable support for "System Suspend"
from the PSCI "features".

Original change by: kalyani chidambaram <kalyanic@nvidia.com>

Change-Id: Ie029f82f55990a8b3a6debb73e95e0e218bfd1f5
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: bpmp_ipc: improve cyclomatic complexity

Code complexity is a good indication of maintainability versus
testability of a piece of software.

ISO26262 introduces the following thresholds:

Tegra: bpmp_ipc: improve cyclomatic complexity

Code complexity is a good indication of maintainability versus
testability of a piece of software.

ISO26262 introduces the following thresholds:

complexity < 10 is accepted
10 <= complexity < 20 has to be justified
complexity >= 20 cannot be accepted

Rationale is that number of test cases to fully test a piece of
software can (depending on the coverage metrics) grow exponentially
with the number of branches in the software.

This patch removes redundant conditionals from 'ipc_send_req_atomic'
handler to reduce the McCabe Cyclomatic Complexity for this function

Change-Id: I20fef79a771301e1c824aea72a45ff83f97591d5
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: platform handler to relocate BL32 image

This patch provides platforms an opportunity to relocate the
BL32 image, during cold boot. Tegra186 platforms, for example,
relocate BL32 images to TZD

Tegra: platform handler to relocate BL32 image

This patch provides platforms an opportunity to relocate the
BL32 image, during cold boot. Tegra186 platforms, for example,
relocate BL32 images to TZDRAM memory as the previous bootloader
relies on BL31 to do so.

Change-Id: Ibb864901e43aca5bf55d8c79e918b598c12e8a28
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: common: improve cyclomatic complexity

Code complexity is a good indication of maintainability versus
testability of a piece of software.

ISO26262 introduces the following thresholds:

co

Tegra: common: improve cyclomatic complexity

Code complexity is a good indication of maintainability versus
testability of a piece of software.

ISO26262 introduces the following thresholds:

complexity < 10 is accepted
10 <= complexity < 20 has to be justified
complexity >= 20 cannot be accepted

Rationale is that number of test cases to fully test a piece of
software can (depending on the coverage metrics) grow exponentially
with the number of branches in the software.

This patch removes redundant conditionals from 'bl31_early_platform_setup'
handler to reduce the McCabe Cyclomatic Complexity for this function.

Change-Id: Ifb628e33269b388f9323639cd97db761a7e049c4
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra210: secure PMC hardware block

This patch sets the "secure" bit to mark the PMC hardware block
as accessible only from the secure world. This setting must be
programmed during cold boot and Sys

Tegra210: secure PMC hardware block

This patch sets the "secure" bit to mark the PMC hardware block
as accessible only from the secure world. This setting must be
programmed during cold boot and System Resume.

The sc7entry-fw, running on the COP, needs access to the PMC block
to enter System Suspend state, so "unlock" the PMC block before
passing control to the COP.

Change-Id: I00e39a49ae6b9f8c8eafe0cf7ff63fe6a67fdccf
Signed-off-by: kalyani chidambaram <kalyanic@nvidia.com>

show more ...

Tegra: delay_timer: support for physical secure timer

This patch modifies the delay timer driver to switch to the ARM
secure physical timer instead of using Tegra's on-chip uS timer.

The secure tim

Tegra: delay_timer: support for physical secure timer

This patch modifies the delay timer driver to switch to the ARM
secure physical timer instead of using Tegra's on-chip uS timer.

The secure timer is not accessible to the NS world and so eliminates
an important attack vector, where the Tegra timer source gets switched
off from the NS world leading to a DoS attack for the trusted world.

This timer is shared with the S-EL1 layer for now, but later patches
will mark it as exclusive to the EL3 exception mode.

Change-Id: I2c00f8cb4c48b25578971c626c314603906ad7cc
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

include: move MHZ_TICKS_PER_SEC to utils_def.h

This patch moves the MHZ_TICKS_PER_SEC macro to utils_def.h
for other platforms to use.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id:

include: move MHZ_TICKS_PER_SEC to utils_def.h

This patch moves the MHZ_TICKS_PER_SEC macro to utils_def.h
for other platforms to use.

Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I6c4dc733f548d73cfdb3515ec9ad89a9efaf4407

show more ...

Tegra194: memctrl: lock mc stream id security config

This patch locks most of the stream id security config registers as
per HW guidance.

This patch keeps the stream id configs unlocked for the fol

Tegra194: memctrl: lock mc stream id security config

This patch locks most of the stream id security config registers as
per HW guidance.

This patch keeps the stream id configs unlocked for the following
clients, to allow some platforms to still function, until they make
the transition to the latest guidance.

- ISPRA
- ISPFALR
- ISPFALW
- ISPWA
- ISPWA1
- ISPWB
- XUSB_DEVR
- XUSB_DEVW
- XUSB_HOSTR
- XUSB_HOSTW
- VIW
- VIFALR
- VIFALW

Change-Id: I66192b228a0a237035938f498babc0325764d5df
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>

show more ...

Tegra210: resume PMC hardware block for all platforms

The PMC hardware block resume handler was called for Tegra210
platforms, only if the sc7entry-fw was present on the device.
This would cause pro

Tegra210: resume PMC hardware block for all platforms

The PMC hardware block resume handler was called for Tegra210
platforms, only if the sc7entry-fw was present on the device.
This would cause problems for devices that do not support this
firmware.

This patch fixes this logic and resumes the PMC block even if
the sc7entry-fw is not present on the device.

Change-Id: I6f0eb7878126f624ea98392f583ed45a231d27db
Signed-off-by: Kalyani Chidambaram <kalyanic@nvidia.com>

show more ...

Tegra: macro for legacy WDT FIQ handling

This patch adds the macro to enable legacy FIQ handling to the common
Tegra makefile. The default value of this macro is '0'. Platforms that
need this suppor

Tegra: macro for legacy WDT FIQ handling

This patch adds the macro to enable legacy FIQ handling to the common
Tegra makefile. The default value of this macro is '0'. Platforms that
need this support should enable it from their makefiles.

This patch also helps fix violation of Rule 20.9.

Rule 20.9 "All identifiers used in the controlling expression of #if
of #elif preprocessing directives shall be #define'd before
evaluation"

Change-Id: I4f0c9917c044b5b1967fb5e79542cd3bf6e91f18
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra186: enable higher performance non-cacheable load forwarding

This patch enables higher performance non-cacheable load forwarding for
Tegra186 platforms.

Change-Id: Ifceb304bfbd805f415bb6205c96

Tegra186: enable higher performance non-cacheable load forwarding

This patch enables higher performance non-cacheable load forwarding for
Tegra186 platforms.

Change-Id: Ifceb304bfbd805f415bb6205c9679602ecb47b53
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra210: enable higher performance non-cacheable load forwarding

This patch enables higher performance non-cacheable load forwarding for
Tegra210 platforms.

Change-Id: I11d0ffc09aca97d37386f283f2f

Tegra210: enable higher performance non-cacheable load forwarding

This patch enables higher performance non-cacheable load forwarding for
Tegra210 platforms.

Change-Id: I11d0ffc09aca97d37386f283f2fbd2483d51fd28
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

cpus: higher performance non-cacheable load forwarding

The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable
non-cacheable streaming enhancement. Platforms can set this bit only
if t

cpus: higher performance non-cacheable load forwarding

The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable
non-cacheable streaming enhancement. Platforms can set this bit only
if their memory system meets the requirement that cache line fill
requests from the Cortex-A57 processor are atomic.

This patch adds support to enable higher performance non-cacheable load
forwarding for such platforms. Platforms must enable this support by
setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their
makefiles. This flag is disabled by default.

Change-Id: Ib27e55dd68d11a50962c0bbc5b89072208b4bac5
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Use consistent SMCCC error code

Removed duplicate error code present for SMCCC and used
proper error code for "SMCCC_ARCH_WORKAROUND_2" call.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.c

Use consistent SMCCC error code

Removed duplicate error code present for SMCCC and used
proper error code for "SMCCC_ARCH_WORKAROUND_2" call.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I76fc7c88095f78a7e2c3d205838f8eaf3132ed5c

show more ...

Merge "intel: Fix Coverity Scan Defects" into integration

intel: Fix Coverity Scan Defects

Fix mailbox driver incompatible cast bug and control flow issue that
was flagged by Coverity Scan.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.

intel: Fix Coverity Scan Defects

Fix mailbox driver incompatible cast bug and control flow issue that
was flagged by Coverity Scan.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I3f34e98d24e40139d31cf7d5b9b973cd2d981065

show more ...

Merge "Update docs with PMU security information" into integration

Merge changes I72846d86,I70c3d873,If675796a,I0dbf8091,Ie4f3ac83, ... into integration

* changes:
rcar_gen3: plat: Minor coding style fix for rcar_version.h
rcar_gen3: plat: Update IPL and Secure

Merge changes I72846d86,I70c3d873,If675796a,I0dbf8091,Ie4f3ac83, ... into integration

* changes:
rcar_gen3: plat: Minor coding style fix for rcar_version.h
rcar_gen3: plat: Update IPL and Secure Monitor Rev.2.0.6
rcar_gen3: drivers: ddr: Update DDR setting for H3, M3, M3N
rcar_gen3: drivers: ddr: Update DDR setting for H3, M3, M3N
rcar_gen3: drivers: board: Add new board revision for M3ULCB
rcar_gen3: drivers: ddr: Update DDR setting for H3, M3, M3N
rcar_gen3: plat: Update IPL and Secure Monitor Rev.2.0.5
rcar_gen3: plat: Change fixed destination address of BL31 and BL32

show more ...

Merge "TBBR: Reduce size of hash buffers when possible" into integration

Merge "TBBR: Reduce size of ECDSA key buffers" into integration

Merge "corstone700: fdts: using DDR memory and XIP rootfs" into integration

board/rddaniel: intialize tzc400 controllers

A TZC400 controller is placed inline on DRAM channels and regulates
the secure and non-secure accesses to both secure and non-secure
regions of the DRAM

board/rddaniel: intialize tzc400 controllers

A TZC400 controller is placed inline on DRAM channels and regulates
the secure and non-secure accesses to both secure and non-secure
regions of the DRAM memory. Configure each of the TZC controllers
accordingly.

Change-Id: I75f6d13591a7fe9e50ce15c793e35a8018041815
Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>

show more ...

plat/arm/tzc: add support to configure multiple tzc400

For platforms that have two or more TZC400 controllers instantiated,
allow the TZC400 driver to be usable with all those instances.
This is ach

plat/arm/tzc: add support to configure multiple tzc400

For platforms that have two or more TZC400 controllers instantiated,
allow the TZC400 driver to be usable with all those instances.
This is achieved by allowing 'arm_tzc400_setup' function to accept
the base address of the TZC400 controller.

Change-Id: I4add470e6ddb58432cd066145e644112400ab924
Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>

show more ...