Fix TSPD implementation of STD SMC ABORT

ABORT SMC used to return to the previously executing world, which
happened to be S-EL1 as it calls a TSP handler using synchronous entry
into the TSP.

Now p

Fix TSPD implementation of STD SMC ABORT

ABORT SMC used to return to the previously executing world, which
happened to be S-EL1 as it calls a TSP handler using synchronous entry
into the TSP.

Now properly save and restore the non-secure context (including system
registers) and return to non-secure world as it should.

fixes ARM-Software/tf-issues#453

Change-Id: Ie40c79ca2636ab8b6b2ab3106e8f49e0f9117f5f
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...

Tegra: init normal/crash console for platforms

The BL2 fills in the UART controller ID to be used as the normal as
well as the crash console on Tegra platforms. The controller ID to
UART controller

Tegra: init normal/crash console for platforms

The BL2 fills in the UART controller ID to be used as the normal as
well as the crash console on Tegra platforms. The controller ID to
UART controller base address mapping is handled by each Tegra SoC
the base addresses might change across Tegra chips.

This patch adds the handler to parse the platform params to get the
UART ID for the per-soc handlers.

Change-Id: I4d167b20a59aaf52a31e2a8edf94d8d6f89598fa
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: add tzdram_base to plat_params_from_bl2 struct

This patch adds another member, tzdram_base, to the plat_params_from_bl2 struct
in order to store the TZDRAM carveout base address used to load

Tegra: add tzdram_base to plat_params_from_bl2 struct

This patch adds another member, tzdram_base, to the plat_params_from_bl2 struct
in order to store the TZDRAM carveout base address used to load the Trusted OS.
The monitor programs the memory controller with the TZDRAM base and size in order
to deny any accesses from the NS world.

Change-Id: If39b8674d548175d7ccb6525c18d196ae8a8506c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: Memory Controller Driver (v1)

This patch renames the current Memory Controller driver files to
"_v1". This is done to add a driver for the new Memory Controller
hardware (v2).

Change-Id: I66

Tegra: Memory Controller Driver (v1)

This patch renames the current Memory Controller driver files to
"_v1". This is done to add a driver for the new Memory Controller
hardware (v2).

Change-Id: I668dbba42f6ee0db2f59a7103f0ae7e1d4684ecf
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: sanity check members of the "from_bl2" struct

This patch checks that the pointers to BL3-3 and BL3-2 ep_info
structs are valid before accessing them. Add some INFO prints
in the BL3-1 setup p

Tegra: sanity check members of the "from_bl2" struct

This patch checks that the pointers to BL3-3 and BL3-2 ep_info
structs are valid before accessing them. Add some INFO prints
in the BL3-1 setup path for early debugging purposes.

Change-Id: I62b23fa870f1b2fb783c8de69aab819f1749d15a
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

cpus: Add support for all Denver variants

This patch adds support for all variants of the Denver CPUs. The
variants export their cpu_ops to allow all Denver platforms to run
the Trusted Firmware sta

cpus: Add support for all Denver variants

This patch adds support for all variants of the Denver CPUs. The
variants export their cpu_ops to allow all Denver platforms to run
the Trusted Firmware stack.

Change-Id: I1488813ddfd506ffe363d8a32cda1b575e437035
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Remove redundant assert

Static checks flag an assert added in commit 1f786b0 that compares
unsigned value to 0, which will never fail.

Change-Id: I4b02031c2cfbd9a25255d12156919dda7d4805a0
Signed-of

Remove redundant assert

Static checks flag an assert added in commit 1f786b0 that compares
unsigned value to 0, which will never fail.

Change-Id: I4b02031c2cfbd9a25255d12156919dda7d4805a0
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...

Tegra: use ClusterId for calculating core position

This patch modifies platform_get_core_pos() to use the Cluster ID
field as well to calculate the final index value. This helps the
system to store

Tegra: use ClusterId for calculating core position

This patch modifies platform_get_core_pos() to use the Cluster ID
field as well to calculate the final index value. This helps the
system to store CPU data for multi-cluster configurations.

Change-Id: I76e35f723f741e995c6c9156e9d61b0b2cdd2709
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: enable processor retention and L2/CPUECTLR access

This patch enables the processor retention and L2/CPUECTLR read/write
access from the NS world only for Cortex-A57 CPUs on the Tegra SoCs.

C

Tegra: enable processor retention and L2/CPUECTLR access

This patch enables the processor retention and L2/CPUECTLR read/write
access from the NS world only for Cortex-A57 CPUs on the Tegra SoCs.

Change-Id: I9941a67686ea149cb95d80716fa1d03645325445
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: define MAX_XLAT_TABLES and MAX_MMAP_REGIONS per-platform

This patch moves these address translation helper macros to individual
Tegra SoC makefiles to provide more control.

Change-Id: Ieab53

Tegra: define MAX_XLAT_TABLES and MAX_MMAP_REGIONS per-platform

This patch moves these address translation helper macros to individual
Tegra SoC makefiles to provide more control.

Change-Id: Ieab53c457c73747bd0deb250459befb5b7b9363f
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: SoC specific SiP handlers

This patch converts the common SiP handler to SoC specific SiP
handler. T210 and T132 have different SiP SMCs and so it makes
sense to move the SiP handler to soc/t1

Tegra: SoC specific SiP handlers

This patch converts the common SiP handler to SoC specific SiP
handler. T210 and T132 have different SiP SMCs and so it makes
sense to move the SiP handler to soc/t132 and soc/t210 folders.

Change-Id: Idfe48384d63641137d74a095432df4724986b241
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Tegra: include flowctlr driver from SoC specific makefiles

The Flow Controller hardware block is not present across all Tegra
SoCs, hence include the driver files from SoC specific makefiles.

T132/

Tegra: include flowctlr driver from SoC specific makefiles

The Flow Controller hardware block is not present across all Tegra
SoCs, hence include the driver files from SoC specific makefiles.

T132/T210 are the SoCs which include this hardware block while future
SoCs have removed it.

Change-Id: Iaca25766a4fa51567293d10cf14dae968b0fae80
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

show more ...

Merge pull request #844 from antonio-nino-diaz-arm/an/no-timingsafe

Revert "tbbr: Use constant-time bcmp() to compare hashes"

Merge pull request #843 from jeenu-arm/cas-lock

Introduce locking primitives using CAS instruction

Merge pull request #842 from jeenu-arm/io-memmap-asserts

Add bounds checking asserts to memmap IO driver

Merge pull request #841 from dp-arm/dp/debug-regs

Disable secure self-hosted debug

Revert "tbbr: Use constant-time bcmp() to compare hashes"

This reverts commit b621fb503c76f3bdf06ed5ed1d3a995df8da9c50.

Because of the Trusted Firmware design, timing-safe functions are not
needed.

Revert "tbbr: Use constant-time bcmp() to compare hashes"

This reverts commit b621fb503c76f3bdf06ed5ed1d3a995df8da9c50.

Because of the Trusted Firmware design, timing-safe functions are not
needed. Using them may be misleading as it could be interpreted as being
a protection against private data leakage, which isn't the case here.

For each image, the SHA-256 hash is calculated. Some padding is appended
and the result is encrypted with a private key using RSA-2048. This is
the signature of the image. The public key is stored along with BL1 in
read-only memory and the encrypted hash is stored in the FIP.

When authenticating an image, the TF decrypts the hash stored in the FIP
and recalculates the hash of the image. If they don't match, the boot
sequence won't continue.

A constant-time comparison does not provide additional security as all
the data involved in this process is already known to any attacker.
There is no private data that can leaked through a timing attack when
authenticating an image.

`timingsafe_bcmp()` is kept in the codebase because it could be useful
in the future.

Change-Id: I44bdcd58faa586a050cc89447e38c142508c9888
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

show more ...

Merge pull request #834 from douglas-raillard-arm/dr/use_dc_zva_zeroing

Use DC ZVA instruction to zero memory

Merge pull request #840 from dp-arm/dp/cppcheck-fixes

Fix minor issues found by cppcheck

Merge pull request #838 from davidcunado-arm/dc/update_userguide

Migrate to Linaro Release 16.12

Merge pull request #829 from masahir0y/build

Makefile: use git describe for BUILD_STRING

Juno: Disable SPIDEN in release builds

On Juno, the secure privileged invasive debug authentication signal
(SPIDEN) is controlled by board SCC registers, which by default enable
SPIDEN. Disable sec

Juno: Disable SPIDEN in release builds

On Juno, the secure privileged invasive debug authentication signal
(SPIDEN) is controlled by board SCC registers, which by default enable
SPIDEN. Disable secure privileged external debug in release builds by
programming the appropriate Juno SoC registers.

Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

Disable secure self-hosted debug via MDCR_EL3/SDCR

Trusted Firmware currently has no support for secure self-hosted
debug. To avoid unexpected exceptions, disable software debug
exceptions, other t

Disable secure self-hosted debug via MDCR_EL3/SDCR

Trusted Firmware currently has no support for secure self-hosted
debug. To avoid unexpected exceptions, disable software debug
exceptions, other than software breakpoint instruction exceptions,
from all exception levels in secure state. This applies to both
AArch32 and AArch64 EL3 initialization.

Change-Id: Id097e54a6bbcd0ca6a2be930df5d860d8d09e777
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

Fix minor issues found by cppcheck

cppcheck highlighted variables that were initialized but then later
reassigned.

Change-Id: Ie12742c01fd3bf48b2d6c05a3b448da91d57a2e4
Signed-off-by: dp-arm <dimitr

Fix minor issues found by cppcheck

cppcheck highlighted variables that were initialized but then later
reassigned.

Change-Id: Ie12742c01fd3bf48b2d6c05a3b448da91d57a2e4
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

Add bounds checking asserts to memmap IO driver

The memmap IO driver doesn't perform bounds check when reading, writing,
or seeking. The onus to vet parameters is on the caller, and this patch
asser

Add bounds checking asserts to memmap IO driver

The memmap IO driver doesn't perform bounds check when reading, writing,
or seeking. The onus to vet parameters is on the caller, and this patch
asserts that:

- non-negative size is specified for for backing memory;

- valid parameters are passed into the driver for read, write and seek
operations.

Change-Id: I6518c4065817e640e9e7e39a8a4577655f2680f7
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

show more ...