Move up dependency versions in user guide

Move up the version numbers in the user guide of:

* DS-5 (to v5.20)
* EDK2 (to v2.1-rc0)
* Linux Kernel (to 1.3-Juno)
* Linaro file-system (to 14.12)
* Jun

Move up dependency versions in user guide

Move up the version numbers in the user guide of:

* DS-5 (to v5.20)
* EDK2 (to v2.1-rc0)
* Linux Kernel (to 1.3-Juno)
* Linaro file-system (to 14.12)
* Juno SCP binary (to 1.5.0-rc0 within board recovery image 0.10.1).
Also remove duplicate information that is available from the
ARM Connected Community website.
* Base FVP (to 6.2)
* Foundation FVP (to 9.1). Also update the name of the Foundation
FVP binary since it has changed since version 2.1.

Co-Authored-By: Dan Handley <dan.handley@arm.com>

Change-Id: I1cf2f2b1a3f1b997ac905a4ab440876d265698c0

show more ...

Merge pull request #252 from sandrine-bailleux/v1.1-misc-doc-fixes

Miscellaneous doc fixes for v1.1

Miscellaneous doc fixes for v1.1

Change-Id: Iaf9d6305edc478d39cf1b37c8a70ccdf723e8ef9

Merge pull request #251 from soby-mathew/sm/reset_handler_fix_v2

Fix the Cortex-A57 reset handler register usage v2

Fix the Cortex-A57 reset handler register usage

The CPU specific reset handlers no longer have the freedom
of using any general purpose register because it is being invoked
by the BL3-1 entry point

Fix the Cortex-A57 reset handler register usage

The CPU specific reset handlers no longer have the freedom
of using any general purpose register because it is being invoked
by the BL3-1 entry point in addition to BL1. The Cortex-A57 CPU
specific reset handler was overwriting x20 register which was being
used by the BL3-1 entry point to save the entry point information.
This patch fixes this bug by reworking the register allocation in the
Cortex-A57 reset handler to avoid using x20. The patch also
explicitly mentions the register clobber list for each of the
callee functions invoked by the reset handler

Change-Id: I28fcff8e742aeed883eaec8f6c4ee2bd3fce30df

show more ...

Merge pull request #249 from danh-arm/jc/tbb_prototype

Trusted Board Boot Prototype

TBB: authenticate BL3-x images and certificates

This patch adds support to authenticate the Trusted Key certificate
and the BL3-x certificates and images at BL2.

Change-Id: I69a8c13a14c8da8b75f9309

TBB: authenticate BL3-x images and certificates

This patch adds support to authenticate the Trusted Key certificate
and the BL3-x certificates and images at BL2.

Change-Id: I69a8c13a14c8da8b75f93097d3a4576aed71c5dd

show more ...

FVP: initialize IO framework in bl2_early_platform_setup()

This patch moves fvp_io_setup() to bl2_early_platform_setup() in order
to allow BL2 to use the IO framework before bl2_platform_setup().

C

FVP: initialize IO framework in bl2_early_platform_setup()

This patch moves fvp_io_setup() to bl2_early_platform_setup() in order
to allow BL2 to use the IO framework before bl2_platform_setup().

Change-Id: I75e1a772ab5f9b4727f6727822a2527c30f3c63d

show more ...

TBB: authenticate BL2 image and certificate

This patch adds support to authenticate the BL2 content certificate
and image using the authentication module in BL1.

The FIP driver has been extended to

TBB: authenticate BL2 image and certificate

This patch adds support to authenticate the BL2 content certificate
and image using the authentication module in BL1.

The FIP driver has been extended to include the BL2 certificate
UUID.

FVP and Juno ports include the BL2 certificate FIP file
definition.

Change-Id: I32680e9bd123c8db4a4193c14448c9b32b0e9325

show more ...

TBB: add authentication module interface

This patch provides an API to access the authentication module that
will be used to verify the authenticity of the images loaded into
memory as part of the T

TBB: add authentication module interface

This patch provides an API to access the authentication module that
will be used to verify the authenticity of the images loaded into
memory as part of the Trusted Board Boot process.

To include the authentication module as part of the build, set the
boolean build option TRUSTED_BOARD_BOOT. One single authentication
module must be registered at build time by setting the build option
AUTH_MOD=<mod_name>. All authentication modules will be located in
'common/auth/<mod_name>' and must present the <mod_name>.mk file that
will be included by the build system to compile the module sources.

To create an authentication module, an instance of auth_mod_t called
'auth_mod' must be declared in the module sources. The initialization
and verification functions provided by the module will be exported
through the function pointers specified when declaring this instance.

If an authentication module includes third party sources that do not
adhere to the C99 standard, the -pedantic option may be removed from
the build options by setting the flag DISABLE_PEDANTIC in the module
file <mod_name>.mk.

Change-Id: I080bb04bd421029bcdf22ec2c63807afbf061dcd

show more ...

TBB: add PolarSSL based authentication module

This patch implements an authentication module based on the
PolarSSL library (v1.3.9) to verify the Chain of Trust when
Trusted Boot is enabled.

PolarS

TBB: add PolarSSL based authentication module

This patch implements an authentication module based on the
PolarSSL library (v1.3.9) to verify the Chain of Trust when
Trusted Boot is enabled.

PolarSSL sources must be fetched separately. The POLARSSL_DIR
build option may be used to indicate the path to the PolarSSL
main directory (this directory must contain the 'include' and
'library' subdirectories).

To be able to build PolarSSL sources as a part of the Trusted
Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk
will tell the build system to remove the -pedantic option from
the CFLAGS.

Inclusion of PolarSSL increases the memory requirements of the BL1
and BL2 images. The following are the changes made to the FVP and
Juno platforms to cater for this when TRUSTED_BOARD_BOOT is
defined:

Changes on FVP:

- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- BL2 memory region has been increased to 112 KB

Changes on Juno:

- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- Trusted ROM region in Flash has been increased to 128 KB.
- BL2 memory region has been increased to 116 KB

Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80

show more ...

stdlib: add missing features to build PolarSSL

This patch adds the missing features to the C library included
in the Trusted Firmware to build PolarSSL:

- strcasecmp() function
- exit() functio

stdlib: add missing features to build PolarSSL

This patch adds the missing features to the C library included
in the Trusted Firmware to build PolarSSL:

- strcasecmp() function
- exit() function
- sscanf()* function
- time.h header file (and its dependencies)

* NOTE: the sscanf() function is not a real implementation. It just
returns the number of expected arguments by counting the number of
'%' characters present in the formar string. This return value is
good enough for PolarSSL because during the certificate parsing
only the return value is checked. The certificate validity period
is ignored.

Change-Id: I43bb3742f26f0bd458272fccc3d72a7f2176ab3d

show more ...

TBB: add a platform specific function to validate the ROTPK

This patch adds the function plat_match_rotpk() to the platform
porting layer to provide a Root Of Trust Public key (ROTPK)
verification m

TBB: add a platform specific function to validate the ROTPK

This patch adds the function plat_match_rotpk() to the platform
porting layer to provide a Root Of Trust Public key (ROTPK)
verification mechanism. This function is called during the
Trusted Board Boot process and receives a supposed valid copy
of the ROTPK as a parameter, usually obtained from an external
source (for instance, a certificate). It returns 0 (success) if
that key matches the actual ROTPK stored in the system or any
other value otherwise.

The mechanism to access the actual ROTPK stored in the system
is platform specific and should be implemented as part of this
function. The format of the ROTPK is also platform specific
(to save memory, some platforms might store a hash of the key
instead of the whole key).

TRUSTED_BOARD_BOOT build option has been added to allow the user
to enable the Trusted Board Boot features. The implementation of
the plat_match_rotpk() funtion is mandatory when Trusted Board
Boot is enabled.

For development purposes, FVP and Juno ports provide a dummy
function that returns always success (valid key). A safe trusted
boot implementation should provide a proper matching function.

Documentation updated accordingly.

Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3

show more ...

TBB: add support to include certificates in a FIP image

This patch extends the FIP tool to include the certificates
generated by the 'cert_create' tool.

If GENERATE_COT build option is enabled, the

TBB: add support to include certificates in a FIP image

This patch extends the FIP tool to include the certificates
generated by the 'cert_create' tool.

If GENERATE_COT build option is enabled, the Makefile adds the
certificates as dependencies to create the FIP file. Thus, make
target 'fip' will also build the certificates as part of the
Trusted Firmware build process.

Change-Id: I5eee500da7f7be6cfb6e3df0423599739d260074

show more ...

TBB: add tool to generate certificates

This patch adds a tool that generates all the necessary elements
to establish the chain of trust (CoT) between the images.

The tool reads the binary images an

TBB: add tool to generate certificates

This patch adds a tool that generates all the necessary elements
to establish the chain of trust (CoT) between the images.

The tool reads the binary images and signing keys and outputs the
corresponding certificates that will be used by the target at run
time to verify the authenticity of the images.

Note: the platform port must provide the file platform_oid.h. This
file will define the OIDs of the x509 extensions that will be added
to the certificates in order to establish the CoT.

Change-Id: I2734d6808b964a2107ab3a4805110698066a04be

show more ...

Skip reserving memory for non-executable and BL3-0 images

This patch adds support to not reserve the memory where an image is
loaded if the image is:

1. A non-executable image e.g. a certificate

Skip reserving memory for non-executable and BL3-0 images

This patch adds support to not reserve the memory where an image is
loaded if the image is:

1. A non-executable image e.g. a certificate
2. An executable image which is not meant to run on the
application CPU (e.g. BL3-0)

Both types of images are characterized by a NULL entrypoint argument
to the load_image() function. It is used to distinguish them from
other type of images.

Important: Use this feature carefully. The caller is responsible for
providing a valid entrypoint while loading images which will execute
on the application CPU to prevent a potential overwrite of the
corresponding memory region.

Change-Id: Ied482280d9db714c529ec12c33a6c1d918d77a4e

show more ...

Merge pull request #248 from jcastillo-arm/jc/tf-issues/212_1

Allow BL3-2 to be loaded into the secure region of DRAM

Merge pull request #247 from achingupta/ag/tf-issues#275

Call reset handlers upon BL3-1 entry.

Call reset handlers upon BL3-1 entry.

This patch adds support to call the reset_handler() function in BL3-1 in the
cold and warm boot paths when another Boot ROM reset_handler() has already run.

Th

Call reset handlers upon BL3-1 entry.

This patch adds support to call the reset_handler() function in BL3-1 in the
cold and warm boot paths when another Boot ROM reset_handler() has already run.

This means the BL1 and BL3-1 versions of the CPU and platform specific reset
handlers may execute different code to each other. This enables a developer to
perform additional actions or undo actions already performed during the first
call of the reset handlers e.g. apply additional errata workarounds.

Typically, the reset handler will be first called from the BL1 Boot ROM. Any
additional functionality can be added to the reset handler when it is called
from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
to identify whether this is the first version of the reset handler code to be
executed or an overridden version of the code.

The Cortex-A57 errata workarounds are applied only if they have not already been
applied.

Fixes ARM-software/tf-issue#275

Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053

show more ...

Merge pull request #246 from soby-mathew/sm/route_IRQ_EL3

Demonstrate model for routing IRQs to EL3

Demonstrate model for routing IRQs to EL3

This patch provides an option to specify a interrupt routing model
where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
When such an inter

Demonstrate model for routing IRQs to EL3

This patch provides an option to specify a interrupt routing model
where non-secure interrupts (IRQs) are routed to EL3 instead of S-EL1.
When such an interrupt occurs, the TSPD arranges a return to
the normal world after saving any necessary context. The interrupt
routing model to route IRQs to EL3 is enabled only during STD SMC
processing. Thus the pre-emption of S-EL1 is disabled during Fast SMC
and Secure Interrupt processing.

A new build option TSPD_ROUTE_NS_INT_EL3 is introduced to change
the non secure interrupt target execution level to EL3.

Fixes ARM-software/tf-issues#225

Change-Id: Ia1e779fbbb6d627091e665c73fa6315637cfdd32

show more ...

Merge pull request #245 from danh-arm/sm/psci_version

Increment the PSCI VERSION to 1.0 (PR v2)

Increment the PSCI VERSION to 1.0

This patch:

* Bumps the PSCI VERSION to 1.0. This means that
the PSCI_VERSION API will now return the value 0x00010000
to indicate the version as 1.0.

Increment the PSCI VERSION to 1.0

This patch:

* Bumps the PSCI VERSION to 1.0. This means that
the PSCI_VERSION API will now return the value 0x00010000
to indicate the version as 1.0. The firmware remains
compatible with PSCI v0.2 clients.

* The firmware design guide is updated to document the
APIs supported by the Trusted Firmware generic code.

* The FVP Device Tree Sources (dts) and Blobs(dtb) are also
updated to add "psci-1.0" and "psci-0.2" to the list of
compatible PSCI versions.

Change-Id: Iafc2f549c92651dcd65d7e24a8aae35790d00f8a

show more ...

Merge pull request #244 from danh-arm/sm/psci_mig_feat

Rework PSCI migrate APIs and implement the FEATURES API v2

Verify capabilities before handling PSCI calls

This patch implements conditional checks in psci_smc_handler() to verify
that the psci function invoked by the caller is supported by the platform
or S

Verify capabilities before handling PSCI calls

This patch implements conditional checks in psci_smc_handler() to verify
that the psci function invoked by the caller is supported by the platform
or SPD implementation. The level of support is saved in the 'psci_caps'
variable. This check allows the PSCI implementation to return an error
early.

As a result of the above verification, the checks performed within the psci
handlers for the pm hooks are now removed and replaced with assertions.

Change-Id: I9b5b646a01d8566dc28c4d77dd3aa54e9bf3981a

show more ...