Refactor the ARM CoreLink TZC-400 driver

TrustZone protection can be programmed by both memory and TrustZone
address space controllers like DMC-500 and TZC-400. These peripherals
share a similar pro

Refactor the ARM CoreLink TZC-400 driver

TrustZone protection can be programmed by both memory and TrustZone
address space controllers like DMC-500 and TZC-400. These peripherals
share a similar programmer's view.

Furthermore, it is possible to have multiple instances of each type of
peripheral in a system resulting in multiple programmer's views.
For example, on the TZC-400 each of the 4 filter units can be enabled
or disabled for each region. There is a single set of registers to
program the region attributes. On the DMC-500, each filter unit has its
own programmer's view resulting in multiple sets of registers to program
the region attributes. The layout of the registers is almost the same
across all these variations.

Hence the existing driver in `tzc400\tzc400.c` is refactored into the
new driver in `tzc\tzc400.c`. The previous driver file is still maintained
for compatibility and it is now deprecated.

Change-Id: Ieabd0528e244582875bc7e65029a00517671216d

show more ...

Remove xlat_helpers.c

lib/aarch64/xlat_helpers.c defines helper functions to build
translation descriptors, but no common code or upstream platform
port uses them. As the rest of the xlat_tables cod

Remove xlat_helpers.c

lib/aarch64/xlat_helpers.c defines helper functions to build
translation descriptors, but no common code or upstream platform
port uses them. As the rest of the xlat_tables code evolves, there
may be conflicts with these helpers, therefore this code should be
removed.

Change-Id: I9f5be99720f929264818af33db8dada785368711

show more ...

TBB: add non-volatile counter support

This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in th

TBB: add non-volatile counter support

This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.

The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.

** NEW PLATFORM APIs (mandatory when TBB is enabled) **

int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);

This API returns the non-volatile counter value stored
in the platform. The cookie in the first argument may be
used to select the counter in case the platform provides
more than one (i.e. TBSA compliant platforms must provide
trusted and non-trusted counters). This cookie is specified
in the CoT.

int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);

This API sets a new counter value. The cookie may be
used to select the counter to be updated.

An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.

** IMPORTANT **

THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.

Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a

show more ...

Merge pull request #570 from davwan01/bl31-in-dram

Add support to load BL31 in DRAM

Merge pull request #554 from ljerry/tf_issue_368_ter

Enable asynchronous abort exceptions during boot

Add support to load BL31 in DRAM

This patch adds an option to the ARM common platforms to load BL31 in the
TZC secured DRAM instead of the default secure SRAM.

To enable this feature, set `ARM_BL31

Add support to load BL31 in DRAM

This patch adds an option to the ARM common platforms to load BL31 in the
TZC secured DRAM instead of the default secure SRAM.

To enable this feature, set `ARM_BL31_IN_DRAM` to 1 in build options.
If TSP is present, then setting this option also sets the TSP location
to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build flag.

To use this feature, BL2 platform code must map in the DRAM used by
BL31. The macro ARM_MAP_BL31_SEC_DRAM is provided for this purpose.
Currently, only the FVP BL2 platform code maps in this DRAM.

Change-Id: If5f7cc9deb569cfe68353a174d4caa48acd78d67

show more ...

Add ISR_EL1 to crash report

Bring ISR bits definition as a mnemonic for troublershooters as well.

Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>

Remove DAIF bits handling macros

These macros are unused and redundant with other CPU system registers
functions.

Moreover enable_serror() function implementation may not reach its purpose
because

Remove DAIF bits handling macros

These macros are unused and redundant with other CPU system registers
functions.

Moreover enable_serror() function implementation may not reach its purpose
because it does not handle the value of SCR_EL3.EA.

Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>

show more ...

Enable asynchronous abort exceptions during boot

Asynchronous abort exceptions generated by the platform during cold boot are
not taken in EL3 unless SCR_EL3.EA is set.

Therefore EA bit is set alon

Enable asynchronous abort exceptions during boot

Asynchronous abort exceptions generated by the platform during cold boot are
not taken in EL3 unless SCR_EL3.EA is set.

Therefore EA bit is set along with RES1 bits in early BL1 and BL31 architecture
initialisation. Further write accesses to SCR_EL3 preserve these bits during
cold boot.

A build flag controls SCR_EL3.EA value to keep asynchronous abort exceptions
being trapped by EL3 after cold boot or not.

For further reference SError Interrupts are also known as asynchronous external
aborts.

On Cortex-A53 revisions below r0p2, asynchronous abort exceptions are taken in
EL3 whatever the SCR_EL3.EA value is.

Fixes arm-software/tf-issues#368

Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>

show more ...

cert_create: add non-volatile counter support

This patch adds non-volatile counter support to the Certificate
Generation tool. The TBBR Chain of Trust definition in the tool
has been extended to inc

cert_create: add non-volatile counter support

This patch adds non-volatile counter support to the Certificate
Generation tool. The TBBR Chain of Trust definition in the tool
has been extended to include the counters as certificate extensions.
The counter values can be specified in the command line.

The following default counter values are specified in the build
system:

* Trusted FW Non-Volatile counter = 0
* Non-Trusted FW Non-Volatile counter = 0

These values can be overridden by the platform at build time.

Change-Id: I7ea10ee78d72748d181df4ee78a7169b3ef2720c

show more ...

Merge pull request #561 from antonio-nino-diaz-arm/an/bootwrapper

Enable preloaded BL33 alternative boot flow

Merge pull request #560 from sandrine-bailleux-arm/sb/restructure-doc

Simplify Firmware Design document

Merge pull request #559 from soby-mathew/sm/cpu_ops_verbose_log

Make cpu operations warning a VERBOSE print

Add support for %z in tf_print()

Add support for %z format specific in tf_printf() to support
printing data of type size_t

Fixes ARM-software/tf-issues#380

Signed-off-by Scott Branden <scott.brand

Add support for %z in tf_print()

Add support for %z format specific in tf_printf() to support
printing data of type size_t

Fixes ARM-software/tf-issues#380

Signed-off-by Scott Branden <scott.branden@broadcom.com>

show more ...

Simplify Firmware Design document

The Firmware Design document is meant to provide a general overview
of the Trusted Firmware code. Although it is useful to provide some
guidance around the responsi

Simplify Firmware Design document

The Firmware Design document is meant to provide a general overview
of the Trusted Firmware code. Although it is useful to provide some
guidance around the responsibilities of the platform layer, it should
not provide too much platform specific implementation details. Right
now, some sections are too tied to the implementation on ARM
platforms. This makes the Firmware Design document harder to digest.

This patch simplifies this aspect of the Firmware Design document.
The sections relating the platform initialisations performed by the
different BL stages have been simplified and the extra details about
the ARM platforms implementation have been moved to the Porting Guide
when appropriate.

This patch also provides various documentation fixes and additions
in the Firmware Design and Platform Porting Guide. In particular:

- Update list of SMCs supported by BL1.

- Remove MMU setup from architectural inits, as it is actually
performed by platform code.

- Similarly, move runtime services initialisation, BL2 image
initialization and BL33 execution out of the platform
initialisation paragraph.

- List SError interrupt unmasking as part of BL1 architectural
initialization.

- Mention Trusted Watchdog enabling in BL1 on ARM platforms.

- Fix order of steps in "BL2 image load and execution" section.

- Refresh section about GICv3/GICv2 drivers initialisation on
ARM platforms.

Change-Id: I32113c4ffdc26687042629cd8bbdbb34d91e3c14

show more ...

Make cpu operations warning a VERBOSE print

The assembler helper function `print_revision_warning` is used when a
CPU specific operation is enabled in the debug build (e.g. an errata
workaround) but

Make cpu operations warning a VERBOSE print

The assembler helper function `print_revision_warning` is used when a
CPU specific operation is enabled in the debug build (e.g. an errata
workaround) but doesn't apply to the executing CPU's revision/part number.
However, in some cases the system integrator may want a single binary to
support multiple platforms with different IP versions, only some of which
contain a specific erratum. In this case, the warning can be emitted very
frequently when CPUs are being powered on/off.

This patch modifies this warning print behaviour so that it is emitted only
when LOG_LEVEL >= LOG_LEVEL_VERBOSE. The `debug.h` header file now contains
guard macros so that it can be included in assembly code.

Change-Id: Ic6e7a07f128dcdb8498a5bfdae920a8feeea1345

show more ...

Merge pull request #552 from antonio-nino-diaz-arm/an/cache-dts

Add cache topology info to FVP DTBs

Merge pull request #550 from antonio-nino-diaz-arm/an/dead_loops

Remove all non-configurable dead loops

Remove all non-configurable dead loops

Added a new platform porting function plat_panic_handler, to allow
platforms to handle unexpected error situations. It must be
implemented in assembly as it ma

Remove all non-configurable dead loops

Added a new platform porting function plat_panic_handler, to allow
platforms to handle unexpected error situations. It must be
implemented in assembly as it may be called before the C environment
is initialized. A default implementation is provided, which simply
spins.

Corrected all dead loops in generic code to call this function
instead. This includes the dead loop that occurs at the end of the
call to panic().

All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have
been removed.

Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134

show more ...

Merge pull request #547 from ljerry/tf_issue_371

Add "size" function to IO memmap device driver

Add "size" function to IO memmap device driver

Hence memmap device can be used to load an image without being wrapped in a
FIP.

Fixes arm-software/tf-issues#371

Signed-off-by: Gerald Lejeune <gera

Add "size" function to IO memmap device driver

Hence memmap device can be used to load an image without being wrapped in a
FIP.

Fixes arm-software/tf-issues#371

Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>

show more ...

Merge pull request #546 from mtk09422/mtk-bl31-update

Mtk bl31 update

Merge pull request #542 from sandrine-bailleux-arm/km/pt-zero

Initialize all translation table entries

Merge pull request #538 from sandrine-bailleux-arm/sb/extend-memory-types

Extend memory attributes to map non-cacheable memory

Merge pull request #541 from antonio-nino-diaz-arm/an/secondary-cpu-init

Initialize secondary CPUs during cold boot