Do basic CryptoCell LCS check

This patch implements the basic lifecycle state check when CryptoCell
SBROM is initialized. Currently the check ensures that if the lifecycle
state is Security Disabled

Do basic CryptoCell LCS check

This patch implements the basic lifecycle state check when CryptoCell
SBROM is initialized. Currently the check ensures that if the lifecycle
state is Security Disabled (SD), the boot process does not proceed
further.

Change-Id: I5101335453cd3ea413e97bcfb9138a96c05e1aea
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

ARM plat changes to enable CryptoCell integration

This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as fol

ARM plat changes to enable CryptoCell integration

This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as follows:

* A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
the CryptoCell crypto driver for Trusted Board boot.

* The TrustZone filter settings for Non Secure DRAM is modified
to allow CryptoCell to read this memory. This is required to
authenticate BL33 which is loaded into the Non Secure DDR.

* The CSS platforms are modified to use coherent stacks in BL1 and BL2
when CryptoCell crypto is selected. This is because CryptoCell makes
use of DMA to transfer data and the CryptoCell SBROM library allocates
buffers on the stack during signature/hash verification.

Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Add CC crypto driver to the Auth module

This patch adds a crypto driver which utilizes the ARM® TrustZone®
CryptoCell-712 to verify signature and hash during Trusted Board Boot. Along
with this driv

Add CC crypto driver to the Auth module

This patch adds a crypto driver which utilizes the ARM® TrustZone®
CryptoCell-712 to verify signature and hash during Trusted Board Boot. Along
with this driver, the CryptoCell SBROM library is required to successfully
build the BL image. The path to this library is specified via
the `CCSBROM_LIB_PATH` variable. Please note that, mbedTLS is still required
to do the X509 certificate ASN.1 parsing and CryptoCell is only utilized for
signature and hash verification.

Change-Id: If82dfbae0d7772ba1c64839f0b27850c103fe253
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Add headers to enable CryptoCell integration

This patch adds header files with required declarations and
macro definitions to enable integration with CryptoCell SBROM
version `CC712 – Release 1.0.0.

Add headers to enable CryptoCell integration

This patch adds header files with required declarations and
macro definitions to enable integration with CryptoCell SBROM
version `CC712 – Release 1.0.0.1061`. These headers enable ARM
Trusted Firmware to build and link with CryptoCell SBROM
library.

Change-Id: I501eda7fe1429acb61db8e1cab78cc9aee9c1871
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Add support to link an external lib with ARM TF

This patch defines the variable `LDLIBS` which allows external
libraries to be specified to 'ld' to enable it to link the
libraries.

Change-Id: I02a4

Add support to link an external lib with ARM TF

This patch defines the variable `LDLIBS` which allows external
libraries to be specified to 'ld' to enable it to link the
libraries.

Change-Id: I02a490eca1074063d00153ccb0ee974ef8859a0e
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

show more ...

Merge pull request #1008 from douglas-raillard-arm/dr/add_TF_LDFLAGS

Introduce TF_LDFLAGS and improve CFLAGS documentation

Document CFLAGS make option

CFLAGS content can be set on the command line to allow passing extra
options to the compiler. Its content is appended after the options set
by the Makefile (TF_CFLAGS).

Document CFLAGS make option

CFLAGS content can be set on the command line to allow passing extra
options to the compiler. Its content is appended after the options set
by the Makefile (TF_CFLAGS).

The Makefiles must use TF_CFLAGS instead of CFLAGS, as the latter can be
completely overriden by setting it on the command line.

Also tell about LDFLAGS in the "Debugging options" section.

Change-Id: Iaf27b424002898ef3040133f78cb133983a37aee
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...

Introduce TF_LDFLAGS

Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
the compiler's invocation. This allows passing extra options from the
make command line using LDFLAGS.

Do

Introduce TF_LDFLAGS

Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
the compiler's invocation. This allows passing extra options from the
make command line using LDFLAGS.

Document new LDFLAGS Makefile option.

Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...

Merge pull request #1009 from islmit01/im/aarch32_juno

Add Juno AArch32 and AArch64 User Guide instructions

Add Juno AArch32 and AArch64 User Guide instructions

Updated section 6, building a FIP for Juno and FVP, adding
instructions for AArch32 and AArch64.

Updated section 4.1, summary of build options,

Add Juno AArch32 and AArch64 User Guide instructions

Updated section 6, building a FIP for Juno and FVP, adding
instructions for AArch32 and AArch64.

Updated section 4.1, summary of build options, to include a
description of the `JUNO_AARCH32_EL3_RUNTIME` build flag.

Change-Id: I4ed006522cab981371c382859063f088fbfcb8f7
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>

show more ...

Merge pull request #1006 from robertovargas-arm/doc-format

Improve format of exception vectors in BL1 description

Merge pull request #1004 from rockchip-linux/erratum-rk3399

rockchip: enable A53's erratum 855873 for rk3399

Merge pull request #1003 from douglas-raillard-arm/dr/doc_fix_broken_link

Fix broken link in documentation

Merge pull request #1002 from douglas-raillard-arm/dr/fix_errata_a53

Apply workarounds for A53 Cat A Errata 835769 and 843419

Merge pull request #1001 from davidcunado-arm/dc/fix-signed-comparisons

Resolve signed-unsigned comparison issues

Merge pull request #978 from etienne-lms/minor-build

Minor build fixes

Improve format of exception vectors in BL1 description

Without the additional newlines all the text becomes a single paragraph
and next newlines are ignored.

Change-Id: I783198477f654e3923fcabb2124

Improve format of exception vectors in BL1 description

Without the additional newlines all the text becomes a single paragraph
and next newlines are ignored.

Change-Id: I783198477f654e3923fcabb21248f2bc62c33e9d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>

show more ...

rockchip: enable A53's erratum 855873 for rk3399

For rk3399, the L2ACTLR[14] is 0 by default, as ACE CCI-500 doesn't
support WriteEvict. and you will hit the condition L2ACTLR[3] with 0,
as the Evic

rockchip: enable A53's erratum 855873 for rk3399

For rk3399, the L2ACTLR[14] is 0 by default, as ACE CCI-500 doesn't
support WriteEvict. and you will hit the condition L2ACTLR[3] with 0,
as the Evict transactions should propagate to CCI-500 since it has
snoop filters.

Maybe this erratum applies to all Cortex-A53 cores so far, especially
if RK3399's A53 is a r0p4. we should enable it to avoid data corruption,

Change-Id: Ib86933f1fc84f8919c8e43dac41af60fd0c3ce2f
Signed-off-by: Caesar Wang <wxt@rock-chips.com>

show more ...

Merge pull request #1000 from dp-arm/dp/aarch32-boot

juno/aarch32: Fix boot on Cortex A57 and A72

Fix broken link in documentation

Fix link in docs/firmware-update.md and docs/change-log.md:
https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Image-Terminology

Change-

Fix broken link in documentation

Fix link in docs/firmware-update.md and docs/change-log.md:
https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Image-Terminology

Change-Id: I2d51d373fd0f7da59b548cd6bed52c47772014fd
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...

Resolve signed-unsigned comparison issues

A recent commit 030567e6f51731982a7e71cbd387de93bc0e35fd added U()/ULL()
macro to TF constants. This has caused some signed-unsigned comparison
warnings / e

Resolve signed-unsigned comparison issues

A recent commit 030567e6f51731982a7e71cbd387de93bc0e35fd added U()/ULL()
macro to TF constants. This has caused some signed-unsigned comparison
warnings / errors in the TF static analysis.

This patch addresses these issues by migrating impacted variables from
signed ints to unsigned ints and vice verse where applicable.

Change-Id: I4b4c739a3fa64aaf13b69ad1702c66ec79247e53
Signed-off-by: David Cunado <david.cunado@arm.com>

show more ...

Merge pull request #999 from douglas-raillard-arm/dr/fix_tegra_CFLAGS

Fix Tegra CFLAGS usage

juno: Invalidate all caches before warm reset to AArch32 state.

On Juno AArch32, the L2 cache may contain garbage after the warm reset
from AArch64 to AArch32. This is all fine until the MMU is con

juno: Invalidate all caches before warm reset to AArch32 state.

On Juno AArch32, the L2 cache may contain garbage after the warm reset
from AArch64 to AArch32. This is all fine until the MMU is configured
and the data caches enabled. To avoid fetching stale data from the L2
unified cache, invalidate it before the warm reset to AArch32 state.

Change-Id: I7d27e810692c02c3e83c9f31de67f6bae59a960a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

juno/aarch32: Restore `SCP_BOOT_CFG_ADDR` to the cold boot value

Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies
the primary core. After the SCP ram firmware has started execut

juno/aarch32: Restore `SCP_BOOT_CFG_ADDR` to the cold boot value

Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies
the primary core. After the SCP ram firmware has started executing,
`SCP_BOOT_CFG_ADDR` is modified. This is not normally an issue but
the Juno AArch32 boot flow is a special case. BL1 does a warm reset
into AArch32 and the core jumps to the `sp_min` entrypoint. This is
effectively a `RESET_TO_SP_MIN` configuration. `sp_min` has to be
able to determine the primary core and hence we need to restore
`SCP_BOOT_CFG_ADDR` to the cold boot value before `sp_min` runs.

This magically worked when booting on A53 because the core index was
zero and it just so happened to match with the new value in
`SCP_BOOT_CFG_ADDR`.

Change-Id: I105425c680cf6238948625c1d1017b01d3517c01
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>

show more ...

rockchip: include hdcp.bin and declare hdcp key decryption handler

For some reason, HDCP key decrytion can't open source in ATF, so we
build it as hdcp.bin. Besides declare the handler for decryptin

rockchip: include hdcp.bin and declare hdcp key decryption handler

For some reason, HDCP key decrytion can't open source in ATF, so we
build it as hdcp.bin. Besides declare the handler for decrypting.

Change-Id: Ia67ff2442ab43cb3ee4875b3d59cc1608e854b4b
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>

show more ...