SPM: Introduce Secure Partition Manager

A Secure Partition is a software execution environment instantiated in
S-EL0 that can be used to implement simple management and security
services. Since S-EL

SPM: Introduce Secure Partition Manager

A Secure Partition is a software execution environment instantiated in
S-EL0 that can be used to implement simple management and security
services. Since S-EL0 is an unprivileged exception level, a Secure
Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
granted access to system and processor resources. Essentially, it is a
software sandbox that runs under the control of privileged software in
the Secure World and accesses the following system resources:

- Memory and device regions in the system address map.
- PE system registers.
- A range of asynchronous exceptions e.g. interrupts.
- A range of synchronous exceptions e.g. SMC function identifiers.

A Secure Partition enables privileged firmware to implement only the
absolutely essential secure services in EL3 and instantiate the rest in
a partition. Since the partition executes in S-EL0, its implementation
cannot be overly complex.

The component in ARM Trusted Firmware responsible for managing a Secure
Partition is called the Secure Partition Manager (SPM). The SPM is
responsible for the following:

- Validating and allocating resources requested by a Secure Partition.
- Implementing a well defined interface that is used for initialising a
Secure Partition.
- Implementing a well defined interface that is used by the normal world
and other secure services for accessing the services exported by a
Secure Partition.
- Implementing a well defined interface that is used by a Secure
Partition to fulfil service requests.
- Instantiating the software execution environment required by a Secure
Partition to fulfil a service request.

Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

xlat: Make function to calculate TCR PA bits public

This function can be useful to setup TCR_ELx by callers that don't use
the translation tables library to setup the system registers related
to the

xlat: Make function to calculate TCR PA bits public

This function can be useful to setup TCR_ELx by callers that don't use
the translation tables library to setup the system registers related
to them. By making it common, it can be reused whenever it is needed
without duplicating code.

Change-Id: Ibfada9e846d2a6cd113b1925ac911bb27327d375
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

spd: Use `ENABLE_ASSERTIONS` instead of `DEBUG`

A line in the upstream SPDs is only compiled in in `DEBUG` builds. This
line is used to help with assertions and so assertion failures can
happen in r

spd: Use `ENABLE_ASSERTIONS` instead of `DEBUG`

A line in the upstream SPDs is only compiled in in `DEBUG` builds. This
line is used to help with assertions and so assertion failures can
happen in release builds with assertions enabled. Use
`ENABLE_ASSERTIONS` instead of `DEBUG`.

This bug was introduced in commit aa61368eb5, which introduced the build
option `ENABLE_ASSERTIONS`.

Change-Id: I7977df9c89c68677b00099b2a1926fa3cb0937c6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #1154 from soby-mathew/sm/fix_psci_stat

Fix PSCI STAT time stamp collection

ARMv7: division support for missing __aeabi_*divmod

ARMv7-A architectures that do not support the Virtualization extensions
do not support instructions for the 32bit division. This change provides
a

ARMv7: division support for missing __aeabi_*divmod

ARMv7-A architectures that do not support the Virtualization extensions
do not support instructions for the 32bit division. This change provides
a software implementation for 32bit division.

The division implementation is dumped from the OP-TEE project
http://github.com/OP-TEE/optee_os. The code was slightly modified
to pass trusted firmware checkpatch requirements and copyright is
given to the ARM trusted firmware initiative and its contributors.

Change-Id: Idae0c7b80a0d75eac9bd41ae121921d4c5af3fa3
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ARMv7: GICv2 driver can manage GICv1 with security extension

Some SoCs integrate a GIC in version 1 that is currently not supported
by the trusted firmware. This change hijacks GICv2 driver to handl

ARMv7: GICv2 driver can manage GICv1 with security extension

Some SoCs integrate a GIC in version 1 that is currently not supported
by the trusted firmware. This change hijacks GICv2 driver to handle the
GICv1 as GICv1 is compatible enough with GICv2 as far as the platform
does not attempt to play with virtualization support or some GICv2
specific power features.

Note that current trusted firmware does not use these GICv2 features
that are not available in GICv1 Security Extension.

Change-Id: Ic2cb3055f1319a83455571d6d918661da583f179
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

aarch32: add missing dmb() macro

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

aarch32: add few missing weak platform specific function

Adds weak functions for plat_report_exception, bl1_plat_prepare_exit
and plat_error_handler in AArch32 mode.

Signed-off-by: Etienne Carriere

aarch32: add few missing weak platform specific function

Adds weak functions for plat_report_exception, bl1_plat_prepare_exit
and plat_error_handler in AArch32 mode.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ARMv7 may not support Generic Timer Extension

If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_GENERIC_TIMER to enable generic timer
support.

Signed-off-

ARMv7 may not support Generic Timer Extension

If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_GENERIC_TIMER to enable generic timer
support.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ARMv7 may not support Virtualization Extensions

ARMv7-A Virtualization extensions brings new instructions and resources
that were supported by later architectures. Reference ARM ARM Issue C.c
[DDI04

ARMv7 may not support Virtualization Extensions

ARMv7-A Virtualization extensions brings new instructions and resources
that were supported by later architectures. Reference ARM ARM Issue C.c
[DDI0406C_C].

ERET and extended MSR/MRS instructions, as specified in [DDI0406C_C] in
ID_PFR1 description of bits[15:12] (Virtualization Extensions):
A value of 0b0001 implies implementation of the HVC, ERET, MRS
(Banked register), and MSR (Banked register) instructions. The ID_ISARs
do not identify whether these instructions are implemented.

UDIV/SDIV were introduced with the Virtualization extensions, even if
not strictly related to the virtualization extensions.

If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_VIRTUALIZATION to enable virtualization
extension related resources.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ARMv7 may not support large page addressing

ARCH_SUPPORTS_LARGE_PAGE_ADDRESSING allows build environment to
handle specific case when target ARMv7 core only supports 32bit MMU
descriptor mode.

If A

ARMv7 may not support large page addressing

ARCH_SUPPORTS_LARGE_PAGE_ADDRESSING allows build environment to
handle specific case when target ARMv7 core only supports 32bit MMU
descriptor mode.

If ARMv7 based platform does not set ARM_CORTEX_Ax=yes, platform
shall define ARMV7_SUPPORTS_LARGE_PAGE_ADDRESSING to enable
large page addressing support.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ARMv7: introduce Cortex-A12

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7: introduce Cortex-A17

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7: introduce Cortex-A7

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7: introduce Cortex-A5

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7: introduce Cortex-A9

As Cortex-A9 needs to manually enable program flow prediction,
do not reset SCTLR[Z] at entry. Platform should enable it only
once MMU is enabled.

Change-Id: I34e1ee2da73

ARMv7: introduce Cortex-A9

As Cortex-A9 needs to manually enable program flow prediction,
do not reset SCTLR[Z] at entry. Platform should enable it only
once MMU is enabled.

Change-Id: I34e1ee2da73221903f7767f23bc6fc10ad01e3de
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ARMv7: introduce Cortex-A15

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7 architecture have specific system registers

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7 does not support SDCR

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7 does not support STL instruction

Also need to add a SEV instruction in ARMv7 spin_unlock which
is implicit in ARMv8.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7 requires the clear exclusive access at monitor entry

Clear exclusive monitor on SMC and FIQ entry for ARMv7 cores.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

ARMv7 target is driven by ARM_ARCH_MAJOR==7

External build environment shall sets directive ARM_ARCH_MAJOR to 7
to specify a target ARMv7-A core.

As ARM-TF expects AARCH to be set, ARM_ARCH_MAJOR==

ARMv7 target is driven by ARM_ARCH_MAJOR==7

External build environment shall sets directive ARM_ARCH_MAJOR to 7
to specify a target ARMv7-A core.

As ARM-TF expects AARCH to be set, ARM_ARCH_MAJOR==7 mandates
AARCH=aarch32.

The toolchain target architecture/cpu is delegated after the platform
configuration is parsed. Platform shall define target core through
ARM_CORTEX_A<x>=yes, <x> being 5, 7, 9, 12, 15 and/or 17.

Platform can bypass ARM_CORTEX_A<x>=yes directive and provide straight
the toolchain target directive through MARCH32_DIRECTIVE.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Merge pull request #1155 from masahir0y/uniphier

Fix build error when creating ROT key for UniPhier platform

uniphier: make sure to create build directory before ROT key

Building the UniPhier platform in parallel with TRUSTED_BOARD_BOOT=1
could fail due to non-existing directory. It might be difficult to

uniphier: make sure to create build directory before ROT key

Building the UniPhier platform in parallel with TRUSTED_BOARD_BOOT=1
could fail due to non-existing directory. It might be difficult to
reproduce, but here is an easier way to trigger the problem:

$ make PLAT=uniphier TRUSTED_BOARD_BOOT=1 MBEDTLS_DIR=mbedtls certificates
OPENSSL build/uniphier/release/rot_key.pem
/bin/sh: 1: cannot create build/uniphier/release/rot_key.pem: Directory nonexistent
make: *** [build/uniphier/release/rot_key.pem] Error 2

The $(ROT_KEY) must depend on $(BUILD_PLAT) so that the build directory
is created before the key.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...

Build: introduce ${BUILD_PLAT} target to create the top build directory

Some platforms (for ex. UniPhier) want to create files in the very
top of the build directory. Add ${BUILD_PLAT} so such file

Build: introduce ${BUILD_PLAT} target to create the top build directory

Some platforms (for ex. UniPhier) want to create files in the very
top of the build directory. Add ${BUILD_PLAT} so such files can
depend on it.

Make existing directory targets depend on ${BUILD_PLAT} because
they are sub-directories of ${BUILD_PLAT}.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

show more ...