fiptool: Factor out setting of image descriptor action

An image descriptor contains an action and an argument. The action
indicates the intended operation, as requested by the user. It can be
pack

fiptool: Factor out setting of image descriptor action

An image descriptor contains an action and an argument. The action
indicates the intended operation, as requested by the user. It can be
pack, unpack or remove. Factor out setting those fields to a separate
function to minimize code duplication across the various commands that
modify these fields.

Change-Id: I1682958e8e83c4884e435cff6d0833c67726461f
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

fiptool: Remove unreferenced variable `toc_entries_len`

Change-Id: If279680a71e7fa1f801d79b8bc2cd47cd9905d33
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

fiptool: Fix format specifier for malloc/strdup wrappers

Change-Id: Ife8f198b4c45961e85ed6f4d463daa59009dab1c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

fiptool: Add support for operating on binary blobs using the UUID

Previously, fiptool only understood a fixed set of images as
specified in tbbr_config.c. It preserved unknown images during
the upd

fiptool: Add support for operating on binary blobs using the UUID

Previously, fiptool only understood a fixed set of images as
specified in tbbr_config.c. It preserved unknown images during
the update, unpack and remove operations but it was not possible to
explicitly refer to one of those unknown images.

Add a new --blob option to create/update/unpack/remove images that
are not known at compile time. This is accomplished by specifying
the UUID and filename pair as shown below:

$ ./fiptool create --blob uuid=01234567-89ab-cdef-0123-456789abcdef,file=foo.bin fip.bin
$ ./fiptool info fip.bin
01234567-89ab-cdef-0123-456789abcdef: offset=0x60, size=0x1AA68

Fixes ARM-software/tf-issues#420

Change-Id: Iaac2504b9a4252289c09e73d29645cbe240f3a82
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

fiptool: Prepare ground for expanding the set of images at runtime

To allow operating on images with unknown UUIDs, fiptool needs to
be able to track an arbitrary amount of images and not be limited

fiptool: Prepare ground for expanding the set of images at runtime

To allow operating on images with unknown UUIDs, fiptool needs to
be able to track an arbitrary amount of images and not be limited
to the set of images described by the builtin table.

Convert the table to a list to accommodate this scenario.

Change-Id: I0e6d738eece7795d74fc72d165a3098f223d4414
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>

show more ...

Merge pull request #798 from douglas-raillard-arm/dr/fix_std_smc_after_suspend

Abort preempted TSP STD SMC after PSCI CPU suspend

Abort preempted TSP STD SMC after PSCI CPU suspend

Standard SMC requests that are handled in the secure-world by the Secure
Payload can be preempted by interrupts that must be handled in the
normal

Abort preempted TSP STD SMC after PSCI CPU suspend

Standard SMC requests that are handled in the secure-world by the Secure
Payload can be preempted by interrupts that must be handled in the
normal world. When the TSP is preempted the secure context is stored and
control is passed to the normal world to handle the non-secure
interrupt. Once completed the preempted secure context is restored. When
restoring the preempted context, the dispatcher assumes that the TSP
preempted context is still stored as the SECURE context by the context
management library.

However, PSCI power management operations causes synchronous entry into
TSP. This overwrites the preempted SECURE context in the context
management library. When restoring back the SECURE context, the Secure
Payload crashes because this context is not the preempted context
anymore.

This patch avoids corruption of the preempted SECURE context by aborting
any preempted SMC during PSCI power management calls. The
abort_std_smc_entry hook of the TSP is called when aborting the SMC
request.

It also exposes this feature as a FAST SMC callable from normal world to
abort preempted SMC with FID TSP_FID_ABORT.

Change-Id: I7a70347e9293f47d87b5de20484b4ffefb56b770
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...

Merge pull request #794 from douglas-raillard-arm/dr/fix_TSP_STD_FID_macro

Fix TSP_STD_FID macro

Fix TSP_STD_FID macro

Enforce valid FID input in TSP_STD_FID and TSP_FAST_FID macros.
Also remove an undefined behavior by using unsigned literals.

Change-Id: Id37e908da861980a4eaa3a70b37a729f416ce

Fix TSP_STD_FID macro

Enforce valid FID input in TSP_STD_FID and TSP_FAST_FID macros.
Also remove an undefined behavior by using unsigned literals.

Change-Id: Id37e908da861980a4eaa3a70b37a729f416ce272
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>

show more ...

Merge pull request #792 from masahir0y/zynqmp

zynqmp: add "override" directive to mandatory options

Merge pull request #791 from jeenu-arm/asm-assert-32

AArch32: Print ASM_ASSERT and panic messages

zynqmp: add "override" directive to mandatory options

The platform.mk sets build options required for ZynqMP, but users
can still change them from the command line, like:

make PLAT=zynqmp RESET_T

zynqmp: add "override" directive to mandatory options

The platform.mk sets build options required for ZynqMP, but users
can still change them from the command line, like:

make PLAT=zynqmp RESET_TO_BL31=0 CROSS_COMPILE=...

Then, the makefile shows an error message in that case:
Using BL31 as the reset vector is only one option supported on ZynqMP.
Please set RESET_TO_BL31 to 1.

If the option is not user-configurable, the makefile can specify
"override" to prevent users from changing it. We do not need the
error message for the case that never happens.

Likewise, ENABLE_PLAT_COMPAT := 0 and PROGRAMMABLE_RESET_ADDRESS := 1
are mandatory to avoid build error.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Soren Brinkmann <soren.brinkmann@xilinx.com>

show more ...

Merge pull request #788 from jeenu-arm/cpuops-framework

Add provision to extend CPU operations at more levels

Merge pull request #793 from jeenu-arm/gic-changes

GIC driver changes for extended power management

Merge pull request #783 from danh-arm/sb/bl1-fwu-copy

Improve FWU documentation

- Clarify the documentation of the 'FWU_SMC_IMAGE_COPY' SMC in the
Firmware Update guide. Also extend the list of pre-conditions to
include the additional input vali

Improve FWU documentation

- Clarify the documentation of the 'FWU_SMC_IMAGE_COPY' SMC in the
Firmware Update guide. Also extend the list of pre-conditions to
include the additional input validation implemented by previous
patches.

- Improve documentation of bl1_plat_mem_check() in the porting
guide. It now specifies that the generic FWU code protects
bl1_plat_mem_check() from integer overflows resulting from
the addition of the base address and size passed in arguments.

Change-Id: I07b47a3778df7b9c089529b2dd2135707640a91c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Fix integer overflows in BL1 FWU code

Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it do

Fix integer overflows in BL1 FWU code

Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it does then consider
the input arguments are invalid.

As a result, bl1_plat_mem_check() can now safely assume the
end address (computed as the sum of the base address and size
of the memory region) doesn't overflow, as the validation is
done upfront in bl1_fwu_image_copy/auth(). A debug assertion
has been added nonetheless in the ARM implementation in order
to help catching such problems, should bl1_plat_mem_check()
be called in a different context in the future.

Fixes TFV-1: Malformed Firmware Update SMC can result in copy
of unexpectedly large data into secure memory

Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>

show more ...

Add some debug assertions in BL1 FWU copy code

These debug assertions sanity check the state of the internal
FWU state machine data when resuming an incomplete image copy
operation.

Change-Id: I38a

Add some debug assertions in BL1 FWU copy code

These debug assertions sanity check the state of the internal
FWU state machine data when resuming an incomplete image copy
operation.

Change-Id: I38a125b0073658c3e2b4b1bdc623ec221741f43e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

bl1_fwu_image_copy() refactoring

This patch refactors the code of the function handling a FWU_AUTH_COPY
SMC in BL1. All input validation has been moved upfront so it is now
shared between the RESET

bl1_fwu_image_copy() refactoring

This patch refactors the code of the function handling a FWU_AUTH_COPY
SMC in BL1. All input validation has been moved upfront so it is now
shared between the RESET and COPYING states.

Change-Id: I6a86576b9ce3243c401c2474fe06f06687a70e2f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>

show more ...

Minor refactoring of BL1 FWU code

This patch introduces no functional change, it just changes
the serial console output.

- Improve accuracy of error messages by decoupling some
error cases;

-

Minor refactoring of BL1 FWU code

This patch introduces no functional change, it just changes
the serial console output.

- Improve accuracy of error messages by decoupling some
error cases;

- Improve comments;

- Move declaration of 'mem_layout' local variable closer to
where it is used and make it const;

- Rename a local variable to clarify whether it is a source
or a destination address (base_addr -> dest_addr).

Change-Id: I349fcf053e233f316310892211d49e35ef2c39d9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>

show more ...

Export is_mem_free() function

The is_mem_free() function used to be local to bl_common.c.
This patch exports it so that it can be used outside of bl_common.c.

Change-Id: I01dcb4229f3a36f56a4724b567

Export is_mem_free() function

The is_mem_free() function used to be local to bl_common.c.
This patch exports it so that it can be used outside of bl_common.c.

Change-Id: I01dcb4229f3a36f56a4724b567c5e6c416dc5e98
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

show more ...

Merge pull request #785 from dp-arm/dp/nvcounter

Merge pull request #781 from yatharth-arm/yk/aarch64_tbbr_load_img_v2

Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1

Merge pull request #779 from dp-arm/dp/rtinstr-cache

Add two timestamps to measure PSCI cache flush overhead

Merge pull request #778 from antonio-nino-diaz-arm/an/xlat-fixes

Fixes and improvements to translation tables library